search

eclipse / paho.mqtt-sn.embedded-c

Paho C MQTT-SN gateway and libraries for embedded systems. Paho is an Eclipse IoT project.
https://eclipse.org/paho
Other
314 stars 179 forks source link

ClientAuthentication=NO not supported while using AWS IOT broker #205

Closed saumilsdk closed 4 years ago

saumilsdk commented 4 years ago

ClientAuthentication=NO not supported while using AWS IOT broker and paho MQTT-SN doesn't connect to AWS IOT broker

ty4tw commented 4 years ago

If you want to connect a broker via TLS connection, ClientAuthentication should be YES. and Clients should be defined by cliens.conf

saumilsdk commented 4 years ago

@ty4tw i have defined clients in clients.conf but IP and PORT i am able to give randomly anything and clients are still able to connect and send packets.

ty4tw commented 4 years ago

show me your clients.conf.

saumilsdk commented 4 years ago

GatewayTestClient,127.0.0.1:20020,secureConnection cli007,35.170.7.1:20020,secureConnection cli008,35.170.7.2:20020,secureConnection cli009,35.170.7.3:20020,secureConnection

saumilsdk commented 4 years ago

hi @ty4tw why should you set only client address when client is not having secure network? Just wanted to understand the flow.

saumilsdk commented 4 years ago

@ty4tw Can you please help me to understand what this the use of clientAddress? And how it is related to clientAuthentication?

saumilsdk commented 4 years ago

@ty4tw Can you please help me to understand what this the use of clientAddress? And how it is related to clientAuthentication?

ty4tw commented 4 years ago

Hi, Gateway recognizes Client by only ClientID.
when the other client sends CONNECT with the same ClientID via a different sensor network address ( ex. IP and port ), Gateway disconnects a current sensor network connection and sends a CONNECT message to a broker to establish a new connection. 
If you change the code as follows. you can prohibit CONNECT from the different sensor network address.

//      if ( client )
//      {
//            /* Authentication is not required */
//           if ( _gateway->getGWParams()->clientAuthentication == false)
//          {
//              client->setClientAddress(senderAddr);
//          }
//     }
//     else
     if ( client == nullptr )
     {
           /* create a new client */
           client = clientList->createClient(senderAddr, &data.clientID, clientType);
     }

clientList->createClient( ) function checks that clients authentication is required or not before creating a new client. The function searches a client in a clientList with ClientID and a sensor network address. if finds it returns a pointer of a Client instance, if not returns a nullptr. If clients authentication is not required creates a new client instance immediately and returns a pointer of the instance. ClientList is generated from clients.conf file in a initialization process of Gateway.