Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.
The TPM engine, for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains an SRK, generated by the TPM at the request
of the Owner. [1]
By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.
Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.
This commit adds support for both clients (libmosquitto) and broker.
[1] https://goo.gl/qQoXBY
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
- Clients can now offload crypto tasks to an external crypto device through
the OpenSSL ENGINE API.
- The keyfiles can now be treated as PEM or ENGINE keys.
- Two new functions were added to libmosquitto to set up the previously
mentioned features.
- Both mosquitto_sub and mosquitto_pub include support to turn on the mentioned
features through command line options.
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
At the moment, pkg-config hint files are only installed when CMake is
used as build system. However, it is very convenient for programs using
libmosquitto to have these files always in place, so let's add it
here, too.
Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
A modern version of the clang compiler complained about:
* unused parameters
* additional semicolon
This commit fixes these warnings.
Signed-off-by: Jens Breitbart <jbreitbart@gmail.com>
The WITH_* flags are not handed over to the C++ wrapper; instead, it relies on
the actual library to check status.
Signed-off-by: Johan de Vries (Ubuntu VM) <devries@wivion.nl>
In order to make the CPP static library include all
objects from the C static library, the list of objects
(MOSQ_OBJS) is isolated into objects.mk to be used for
building the C and CPP static libraries.
Signed-off-by: Lance Chen <cyen0312@gmail.com>
Enables parallel build mode.
Accepted without CLA after discussion with Eclipse Foundation legal
about very small patches that can only be implemented in one way.
See bug report for acceptance of Certificate of Origin.
Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=463884
Also-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>