KxSystems / mqtt

MQTT messaging protocol interface
https://code.kx.com/q/interfaces
Apache License 2.0

Addition of ssl lib for SSL/TLS. Ref #51 #53

Closed sshanks-kx closed 1 year ago

sshanks-kx commented 1 year ago

New library addition mqttkdb_ssl.so, which allows both TLS/SSL and non-TLS/SSL connections. Differs from the existing mqttkdb.so in that it requires the mqtt library libpaho-mqtt3cs and the openssl libs to be installed on the system. The mqttkdb.so is still provided for non-TLS/SSL users, preventing them from having to install TLS/SSL libs on their system.

When using mqttkdb_ssl.so:

New connection params

| Name | Type | Details |
|---|---|---|
| trustStore | sym | The file in PEM format containing the public digital certificates trusted by the client. |
| keyStore | sym | The file in PEM format containing the public certificate chain of the client. It may also include the client's private key. |
| privateKey | sym | If not included in the sslKeyStore, this setting points to the file in PEM format containing the client's private key. |
| privateKeyPassword | sym | The password to load the client's privateKey if encrypted. |
| enabledCipherSuites | sym | The list of cipher suites that the client will present to the server during the SSL handshake. For a full explanation of the cipher list format, please see the OpenSSL on-line documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT If this setting is omitted, its default value will be "ALL", that is, all the cipher suites (excluding those offering no encryption) will be considered. This setting can be used to set an SSL anonymous connection ("aNULL" string value, for instance). |
| enableServerCertAuth | int/long | True/False (i.e. 1/0) option to enable verification of the server certificate. |
| sslVersion | int/long | The SSL/TLS version to use. Specify one of MQTT_SSL_VERSION_DEFAULT (0), MQTT_SSL_VERSION_TLS_1_0 (1), MQTT_SSL_VERSION_TLS_1_1 (2) or MQTT_SSL_VERSION_TLS_1_2 (3). Only used if struct_version is >= 1. |
| verify | int/long | Whether to carry out post-connect checks, including that a certificate matches the given host name. |
| CApath | sym | From the OpenSSL documentation: If CApath is not NULL, it points to a directory containing CA certificates in PEM format. |

Example

```q
/ enableServerCertAuth 0i and verify 0i switch off server certificate verification
/ and the post-connect hostname check; sslVersion 0i is MQTT_SSL_VERSION_DEFAULT
opts:`trustStore`enableServerCertAuth`verify`sslVersion!((`$"/mqttq/server-certs/ca.crt");(0i);(0i);(0i))
.mqtt.conn[`$"ssl://localhost:1883";`rcv;opts];
```
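The table above lists the TLS options mqttkdb_ssl.so accepts, and the PR's example sets enableServerCertAuth and verify to 0, which leaves the connection encrypted but open to a broker presenting any certificate. The block below is an added example, not code from the PR or the KxSystems/mqtt project: it puts that weak option set beside a hardened one (server certificate verified against a CA bundle, hostname check on, TLS 1.2 only, an explicit cipher list, and a client certificate for mutual TLS) and gates `.mqtt.conn` behind a small check so the weak set is rejected before a connection is attempted. The option names and the `.mqtt.conn[url;clientId;opts]` call follow the PR text; the file paths, broker address, cipher string and the `tlsOk` and `connect` helpers are assumptions for illustration.

```q
/ Added example, not from the PR or the KxSystems/mqtt project.
/ Paths, broker address, cipher string and the tlsOk/connect helpers are assumptions.

/ Weak settings, as in the PR example: broker certificate not verified,
/ no post-connect hostname check, library default TLS version, "ALL" ciphers.
weak:`trustStore`enableServerCertAuth`verify`sslVersion!(`$"/mqttq/server-certs/ca.crt";0i;0i;0i)

/ Hardened settings: CA bundle to validate the broker chain, client certificate
/ chain plus separate private key for mutual TLS, verification on, hostname
/ check on, TLS 1.2 only (MQTT_SSL_VERSION_TLS_1_2 = 3), explicit AEAD cipher list.
hardened:`trustStore`keyStore`privateKey`enableServerCertAuth`verify`sslVersion`enabledCipherSuites!(
  `$"/etc/mqtt/certs/ca.pem";
  `$"/etc/mqtt/certs/client.pem";
  `$"/etc/mqtt/certs/client-key.pem";
  1i;
  1i;
  3i;
  `$"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384")

/ Hypothetical policy check: an option dict passes only if it names a trust store,
/ asks the library to verify the broker certificate and host name, and pins TLS 1.2.
tlsOk:{[o]
  all (`trustStore in key o;
       1i=o`enableServerCertAuth;
       1i=o`verify;
       3i=o`sslVersion)}

/ Hypothetical wrapper: signal instead of connecting when the policy check fails.
connect:{[url;clientId;o]
  if[not tlsOk o; '"refusing to connect: server certificate verification disabled"];
  .mqtt.conn[url;clientId;o]}

/ connect[`$"ssl://broker.example.com:8883";`rcv;weak] signals the error above;
/ the hardened set is accepted and handed to .mqtt.conn unchanged.
connect[`$"ssl://broker.example.com:8883";`rcv;hardened];
```

The check is deliberately strict about sslVersion: MQTT_SSL_VERSION_DEFAULT (0) leaves the negotiated version to the underlying library, so pinning 3 makes the policy explicit rather than relying on build-time defaults. enabledCipherSuites is not checked here because the acceptable list depends on the broker; the point is that the "ALL" default (and "aNULL", which the table notes can produce an anonymous connection) should be replaced with a list you chose.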