Open lakshmisivareddy opened 1 year ago
I believe you wish to change `server_hostname` within `wrap_socket`; unfortunately this is currently fixed in the code (`reconnect` function):

```python
# Try with server_hostname, even it's not supported in certain scenarios
sock = self._ssl_context.wrap_socket(
    sock,
    server_hostname=self._host,
    do_handshake_on_connect=False,
)
```

One option would be to do this via DNS (e.g. a CNAME for `example1.test.com`, using a domain you own!, pointing to `istio-test.westus2.cloudapp.azure.com`); that should work as-is.

Alternatively see the subclass example. Using this technique you can override `reconnect()` and configure the `server_hostname` as you require.
As this would seem to be a fairly rare requirement I'm going to leave it there; please let us know if that is useful or you believe modifications to the library are needed (given this was logged some time ago I'd guess you may already have a solution).
Just adding my 2 cents to this issue: I was looking for the same option (specify the `server_hostname` of the SSL context): our MQTT broker has several servers all of which are behind a single record (i.e. DNS returns multiple A records for the same name) and we needed to verify that all IPs are working as expected [in our case it was mainly to verify the firewall in front of our clients].
The work-around we applied:
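```python
import paho.mqtt.client as mqtt
import ssl
import socket as _socket

ip = "127.2.3.4"          # address the TCP connection is made to
port = 8883
host = "foo.example.com"  # name used for SNI and certificate verification
client_id = "foo"


class ServerNameClient(mqtt.Client):
    def _ssl_wrap_socket(self, tcp_sock: _socket.socket) -> ssl.SSLSocket:
        # Temporarily swap the host so the parent passes `host` as server_hostname
        orig_host = self._host
        self._host = host
        try:
            res = super()._ssl_wrap_socket(tcp_sock)
        finally:
            # Restore the connect target even if the TLS wrap fails
            self._host = orig_host
        return res


mc = ServerNameClient(mqtt.CallbackAPIVersion.VERSION2, client_id=client_id)
...
mc.connect(ip, port=port)
mc.loop_forever()
```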
In other threads regarding SNI (i.e. https://github.com/eclipse/paho.mqtt.python/issues/133#issuecomment-269967646) there was some fear that adding it may confuse users but that might be avoidable if the `server_hostname` was an option of `Client.tls_set`, i.e. that one could do something like:

```python
mc = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2, client_id=client_id)
mc.tls_set(server_hostname="foo.example.com")
mc.connect(ip, port=port)
mc.loop_forever()
```

and that `_ssl_wrap_socket` would then prefer it (`foo.example.com`) over the host param of `connect`.
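Added example, not part of the thread or of the paho library: a check of which name Python's `ssl` module puts into the ClientHello for a given `server_hostname`, which is the value an SNI-routing ingress reads. It goes beyond the thread by parsing the ClientHello bytes directly; the function names `client_hello`, `parse_sni` and `sni_sent` are chosen for this sketch, and it assumes the ClientHello fits in one TLS record.

```python
import ssl
import struct


def client_hello(server_hostname):
    """Return the raw ClientHello record Python's ssl emits for server_hostname."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is written, no server reply is available
    return outgoing.read()


def parse_sni(record):
    """Return the host_name from the SNI extension, or None if it is absent."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    pos = 2 + 32                                          # legacy version + random
    pos += 1 + body[pos]                                  # session id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher suites
    pos += 1 + body[pos]                                  # compression methods
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 0:  # server_name: list len (2), name type (1), name len (2)
            name_len = int.from_bytes(body[pos + 3:pos + 5], "big")
            return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None


def sni_sent(server_hostname):
    """SNI value on the wire for this server_hostname (None = no SNI extension)."""
    return parse_sni(client_hello(server_hostname))


if __name__ == "__main__":
    # Constructed sample values taken from the names used in this thread
    for name in ("foo.example.com", "example1.test.com", "127.2.3.4"):
        print(f"server_hostname={name!r:22} -> SNI on the wire: {sni_sent(name)!r}")
```

When `server_hostname` is an IP literal, CPython sends no SNI extension at all, so a client that connects by IP without an override gives an SNI-routing ingress nothing to match on.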
Hi Team, I have multiple MQTT brokers hosted in K8s. These MQTT brokers are behind the ingress controller; the ingress controller routes the traffic to the appropriate broker based on SNI. For non-TLS I am able to verify the connection using the commands below:

```
openssl s_client -showcerts -connect istio-test.westus2.cloudapp.azure.com:8883 -servername example1.test.com
openssl s_client -showcerts -connect istio-test.westus2.cloudapp.azure.com:8883 -servername example2.test.com
```

With TLS traffic I am not able to set a specific SNI (servername). By default the SNI goes as `istio-test.westus2.cloudapp.azure.com`.

Please find the sample I am trying.

Can someone help me here?