Closed cdurante closed 7 years ago
Sorry, I am having laptop troubles at the moment, so can't do any work on this at the moment.
But looking at this Stack Overflow answer: http://stackoverflow.com/questions/30244745/opensslsslsslcontext-sni-servername-cb-not-working
It looks like it just involves setting @socket.hostname
before calling @socket.connect
:
https://github.com/njh/ruby-mqtt/blob/master/lib/mqtt/client.rb#L267
Do you want to give it a go and see if it works?
Hi,
Did you get a chance to see if this fixes your problem?
nick.
Hey, I I got this to work. This way user can optionally provide in the @hostname parameter to indicate that server name checking should occur instead of always copying @host -> @hostname by default.
PR
Is there a benefit to being able to specify both a hostname to connect to and a hostname to verify against? Shouldn't they always be both the same?
That was a question I had when adding @hostname.... Certainly for my use case they should be the same, but I wasn't sure if there are use cases where you either wouldn't want to pass @hostname or you might want it to be different from @host.
I have added SNI support in 3173302.
I haven't tested with OpenShift, but I have tested with sniproxy v.0.4.0 using the following configuration:
listener 127.0.0.1:8883 {
protocol tls
table TableName
}
error_log {
filename /dev/stdout
priority debug
}
table TableName {
localhost 37.187.106.16:8883
}
And the following Ruby script:
MQTT::Client.connect(:host => 'localhost', :port => 8883, :ssl => true) do |client|
# If you pass a block to the get method, then it will loop
client.get('#') do |topic,message|
puts "#{topic}: #{message}"
end
end
Without the fix in 3173302, it was getting SSL errors. With the fix, it was successfully connecting to test.mosquitto.org.
Looks great
Currently, the only way I've seen to handle a fleet of devices connecting to Mosquito brokers running in OpenShift containers requires support of TLS SNI on the client side. Support for SNI would be a very welcome addition to this library, since this is really the only active mqtt library for ruby, I thought I'd ask here first.