Specify a hostname for the SSL hostname check

eclipse / paho.mqtt.c

An Eclipse Paho C client library for MQTT for Windows, Linux and MacOS. API documentation: https://eclipse.github.io/paho.mqtt.c/

https://eclipse.org/paho

Other

1.94k stars 1.09k forks source link

Specify a hostname for the SSL hostname check #1402

Open matthiasklein opened 11 months ago

matthiasklein commented 11 months ago

Due to the "prefer ip4 addresses" (see issue https://github.com/eclipse/paho.mqtt.c/issues/1396), the idea arose to perform name resolution outside of the PAHO library in the application.

For example, the "happy eyeballs" algorithm could be implemented in the application. Then only an IP address and port would be passed to the PAHO library.

The corresponding hostname would then have to be passed separately to enable SSL hostname verification.

freebendy commented 3 months ago

I am hitting the same issue. My application has own DNS resolve logic so I resolve the hostname outside paho and pass IP address to it. And I got error MQTTAsync_rcv: PAHO trace: SSL error: <00132D9C:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../openssl-3.0.12/ssl/record/rec_layer_s3.c:303:. I think this because IP address is set via SSL_set_tlsext_host_name and it failed the name verification.