Closed sshanks-kx closed 1 year ago
lib needs updated to get the likes of https://github.com/eclipse/paho.mqtt.c/commit/9e9cba2ea2f8a515a9102e94961dc6e4808bb7e3
New library addition `mqttkdb_ssl.so`, which allows both TLS/SSL and non-TLS/SSL connections.
Differs from existing `mqttkdb.so` in that it requires the mqtt library `libpaho-mqtt3cs` and openssl libs to be installed on the system.
The `mqttkdb.so` is still provided for non TLS/SSL users, preventing them from having to install TLS/SSL libs on their system.
When using `mqttkdb_ssl.so`:
- change `tcp://` to `ssl://` in order to work with SSL/TLS connections
- use `mqttkdb_ssl.so` instead of `mqttkdb.so`
New connection params
Name | Type | Details |
---|---|---|
trustStore | sym | The file in PEM format containing the public digital certificates trusted by the client. |
keyStore | sym | The file in PEM format containing the public certificate chain of the client. It may also include the client's private key. |
privateKey | sym | If not included in the sslKeyStore, this setting points to the file in PEM format containing the client's private key. |
privateKeyPassword | sym | The password to load the client's privateKey if encrypted. |
enabledCipherSuites | sym | The list of cipher suites that the client will present to the server during the SSL handshake. For a full explanation of the cipher list format, please see the OpenSSL on-line documentation (http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT). If this setting is omitted, its default value will be "ALL", that is, all the cipher suites (excluding those offering no encryption) will be considered. This setting can be used to set an SSL anonymous connection ("aNULL" string value, for instance). |
enableServerCertAuth | int/long | True/False (i.e. 1/0) option to enable verification of the server certificate |
sslVersion | int/long | The SSL/TLS version to use. Specify one of MQTT_SSL_VERSION_DEFAULT (0), MQTT_SSL_VERSION_TLS_1_0 (1), MQTT_SSL_VERSION_TLS_1_1 (2) or MQTT_SSL_VERSION_TLS_1_2 (3). Only used if struct_version is >= 1 |
verify | int/long | Whether to carry out post-connect checks, including that a certificate matches the given host name. |
CApath | sym | From the OpenSSL documentation: If CApath is not NULL, it points to a directory containing CA certificates in PEM format |
Example

```q
opts:`trustStore`enableServerCertAuth`verify`sslVersion!((`$"/mqttq/server-certs/ca.crt");(0i);(0i);(0i))
.mqtt.conn[`$"ssl://localhost:1883";`rcv;opts];
```
Some work done on https://github.com/KxSystems/mqtt/pull/44 - thanks to walshphilip86 - windows not building with change (may be due to pragmas in src for windows)
Ref: https://www.eclipse.org/paho/files/mqttdoc/MQTTClient/html/struct_m_q_t_t_client___s_s_l_options.html http://www.steves-internet-guide.com/mosquitto-tls/
Need to check use with and without ssl (and without any installed ssl libs)...may need to create separate client libs. Various fixes in newer paho mqtt lib - may upgrade also.
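
The example options above set `enableServerCertAuth` and `verify` to 0, so the broker's certificate and host name are not checked. The following q sketch is an added example, not code from the issue or from KxSystems/mqtt: it sets the same keys with verification on and audits an options dictionary before connecting. The helper names (`isOn`, `audit`, `connStrict`), the CA path, the cipher string and the broker address are assumptions for illustration.

```q
/ Added example, not from the issue. Paths and broker host are placeholders.
/ The issue's example options, as posted: both certificate checks are off.
posted:`trustStore`enableServerCertAuth`verify`sslVersion!(`$"/mqttq/server-certs/ca.crt";0i;0i;0i)

/ Same keys with the checks on, TLS 1.2 selected (MQTT_SSL_VERSION_TLS_1_2 = 3)
/ and an OpenSSL cipher list that excludes anonymous and null-encryption suites.
strict:`trustStore`enableServerCertAuth`verify`sslVersion`enabledCipherSuites!(`$"/path/to/ca.crt";1i;1i;3i;`$"HIGH:!aNULL:!eNULL")

/ Hypothetical helper: 1b only when key k is present in o and set to 1.
/ A missing key counts as off, so each check must be enabled explicitly.
isOn:{[o;k] $[k in key o; 1=o k; 0b]}

/ Hypothetical helper: list of reasons an options dictionary is weak.
audit:{[o]
  w:();
  if[not isOn[o;`enableServerCertAuth]; w,:enlist "server certificate is not verified"];
  if[not isOn[o;`verify]; w,:enlist "host name is not checked against the certificate"];
  if[`sslVersion in key o; if[any 1 2=o`sslVersion; w,:enlist "TLS 1.0 or 1.1 selected"]];
  w}

/ Hypothetical wrapper: signal an error instead of connecting with weak options.
/ .mqtt.conn takes the same three arguments as in the issue's example.
connStrict:{[url;name;o]
  w:audit o;
  if[count w; '"; " sv w];
  .mqtt.conn[url;name;o]}

show audit posted
show audit strict

/ With mqttkdb_ssl.so loaded and a reachable broker (address is a placeholder):
/ connStrict[`$"ssl://broker.example:8883";`rcv;strict]
```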