Verify CA equivalent in the new API

sigrlami / glaze-mq

Multi-protocol exchange broker for IoT within the 5G-and-Beyond networks, and primary emphasis on scalability.

MIT License

12 stars 2 forks source link

Verify CA equivalent in the new API #8

Open alexzaru opened 9 months ago

alexzaru commented 9 months ago

I've noticed that the set_force_verify_ca method, along with other methods, has been removed from the MqttOptions type in the new version. I'm unsure of the equivalent method for set_force_verify_ca in the new version.

In my case, self-signed certificates were used for tests and lower environments, and I need to upgrade to a newer version. I see that I need to use the new ConnectionType::TLS, but I can't find a way to set it to not verify the CA.

Any suggestions how to us thisn ow?

sigrlami commented 9 months ago

Yes, rustls is the default now and doesn't support disabling CA verification. See more here: https://docs.rs/rustls/0.22.2/rustls/index.html#rustls-takes-care-of-server-certificate-verification

For dev env, you need proxy CA with the signed root certificate, look for mkcert or openssl on how to create those for localhost.

sigrlami commented 9 months ago

I'll update the documentation on a development environment.