Remove support for openssl 1.0.0 and 1.0.1.

These are no longer supported by openssl.
pull/779/head
Roger A. Light 8 years ago
parent 8470ca89b9
commit 24d68b5af8

@ -133,6 +133,8 @@ Build:
- Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will - Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will
build and install static versions of the client libraries. build and install static versions of the client libraries.
- Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. - Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.
- Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are
no longer supported by openssl.
Documentation: Documentation:
- Replace mentions of deprecated 'c_rehash' with 'openssl rehash'. - Replace mentions of deprecated 'c_rehash' with 'openssl rehash'.

@ -190,7 +190,7 @@ int net__socket_close(struct mosquitto *mosq)
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
static unsigned int psk_client_callback(SSL *ssl, const char *hint, static unsigned int psk_client_callback(SSL *ssl, const char *hint,
char *identity, unsigned int max_identity_len, char *identity, unsigned int max_identity_len,
unsigned char *psk, unsigned int max_psk_len) unsigned char *psk, unsigned int max_psk_len)
@ -458,7 +458,6 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
} }
if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk){ if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk){
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
if(!mosq->tls_version){ if(!mosq->tls_version){
mosq->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); mosq->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
}else if(!strcmp(mosq->tls_version, "tlsv1.2")){ }else if(!strcmp(mosq->tls_version, "tlsv1.2")){
@ -472,15 +471,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
COMPAT_CLOSE(mosq->sock); COMPAT_CLOSE(mosq->sock);
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#else
if(!mosq->tls_version || !strcmp(mosq->tls_version, "tlsv1")){
mosq->ssl_ctx = SSL_CTX_new(TLSv1_client_method());
}else{
log__printf(mosq, MOSQ_LOG_ERR, "Error: Protocol %s not supported.", mosq->tls_version);
COMPAT_CLOSE(mosq->sock);
return MOSQ_ERR_INVAL;
}
#endif
if(!mosq->ssl_ctx){ if(!mosq->ssl_ctx){
log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to create TLS context."); log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to create TLS context.");
COMPAT_CLOSE(mosq->sock); COMPAT_CLOSE(mosq->sock);
@ -488,10 +479,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
return MOSQ_ERR_TLS; return MOSQ_ERR_TLS;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10000000
/* Disable compression */ /* Disable compression */
SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif
#ifdef SSL_MODE_RELEASE_BUFFERS #ifdef SSL_MODE_RELEASE_BUFFERS
/* Use even less memory per SSL connection. */ /* Use even less memory per SSL connection. */
SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS); SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
@ -574,7 +564,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
return MOSQ_ERR_TLS; return MOSQ_ERR_TLS;
} }
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
}else if(mosq->tls_psk){ }else if(mosq->tls_psk){
SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback); SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback);
#endif #endif

@ -175,7 +175,6 @@ int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs, const char *tl
mosq->tls_cert_reqs = cert_reqs; mosq->tls_cert_reqs = cert_reqs;
if(tls_version){ if(tls_version){
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
if(!strcasecmp(tls_version, "tlsv1.2") if(!strcasecmp(tls_version, "tlsv1.2")
|| !strcasecmp(tls_version, "tlsv1.1") || !strcasecmp(tls_version, "tlsv1.1")
|| !strcasecmp(tls_version, "tlsv1")){ || !strcasecmp(tls_version, "tlsv1")){
@ -185,20 +184,8 @@ int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs, const char *tl
}else{ }else{
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#else
if(!strcasecmp(tls_version, "tlsv1")){
mosq->tls_version = mosquitto__strdup(tls_version);
if(!mosq->tls_version) return MOSQ_ERR_NOMEM;
}else{
return MOSQ_ERR_INVAL;
}
#endif
}else{ }else{
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
mosq->tls_version = mosquitto__strdup("tlsv1.2"); mosq->tls_version = mosquitto__strdup("tlsv1.2");
#else
mosq->tls_version = mosquitto__strdup("tlsv1");
#endif
if(!mosq->tls_version) return MOSQ_ERR_NOMEM; if(!mosq->tls_version) return MOSQ_ERR_NOMEM;
} }
if(ciphers){ if(ciphers){
@ -231,7 +218,7 @@ int mosquitto_tls_insecure_set(struct mosquitto *mosq, bool value)
int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers) int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers)
{ {
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(!mosq || !psk || !identity) return MOSQ_ERR_INVAL; if(!mosq || !psk || !identity) return MOSQ_ERR_INVAL;
/* Check for hex only digits */ /* Check for hex only digits */

@ -26,13 +26,6 @@ Contributors:
#ifdef WITH_TLS #ifdef WITH_TLS
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifdef WITH_TLS_PSK
# if OPENSSL_VERSION_NUMBER >= 0x10000000
# define REAL_WITH_TLS_PSK
# else
# warning "TLS-PSK not supported, openssl too old."
# endif
#endif
int mosquitto__server_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx); int mosquitto__server_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx);
int mosquitto__verify_certificate_hostname(X509 *cert, const char *hostname); int mosquitto__verify_certificate_hostname(X509 *cert, const char *hostname);
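Review bot: With the `REAL_WITH_TLS_PSK` block removed, this header no longer checks `OPENSSL_VERSION_NUMBER` at all, so nothing visible here makes a build against OpenSSL 1.0.0 or 1.0.1 stop with a clear message. The commit drops support for those versions, so the header should state the new floor explicitly after the `#include <openssl/ssl.h>` line, for example `#if OPENSSL_VERSION_NUMBER < 0x10002000L` / `#  error "OpenSSL 1.0.2 or later is required."` / `#endif`. Otherwise an old library is only caught by whichever symbol happens to be missing, and in C that can surface as an implicit-declaration warning rather than an error. If the build system already enforces the minimum version, a comment saying so here would be enough.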

@ -344,7 +344,7 @@ int mosquitto_topic_matches_sub2(const char *sub, size_t sublen, const char *top
return MOSQ_ERR_SUCCESS; return MOSQ_ERR_SUCCESS;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len) int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len)
{ {
BIGNUM *bn = NULL; BIGNUM *bn = NULL;

@ -33,7 +33,7 @@ void mosquitto__check_keepalive(struct mosquitto *mosq);
uint16_t mosquitto__mid_generate(struct mosquitto *mosq); uint16_t mosquitto__mid_generate(struct mosquitto *mosq);
FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read); FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read);
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len); int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len);
#endif #endif

@ -221,10 +221,8 @@
#keyfile #keyfile
# This option defines the version of the TLS protocol to use for this listener. # This option defines the version of the TLS protocol to use for this listener.
# The default value allows v1.2, v1.1 and v1.0, if they are all supported by # The default value allows v1.2, v1.1 and v1.0. The valid values are tlsv1.2
# the version of openssl that the broker was compiled against. For openssl >= # tlsv1.1 and tlsv1.
# 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the
# valid values are tlsv1.
#tls_version #tls_version
# By default a TLS enabled listener will operate in a similar fashion to a # By default a TLS enabled listener will operate in a similar fashion to a

@ -82,7 +82,7 @@ int bridge__new(struct mosquitto_db *db, struct mosquitto__bridge *bridge)
new_context->tls_cert_reqs = SSL_VERIFY_PEER; new_context->tls_cert_reqs = SSL_VERIFY_PEER;
new_context->tls_version = new_context->bridge->tls_version; new_context->tls_version = new_context->bridge->tls_version;
new_context->tls_insecure = new_context->bridge->tls_insecure; new_context->tls_insecure = new_context->bridge->tls_insecure;
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
new_context->tls_psk_identity = new_context->bridge->tls_psk_identity; new_context->tls_psk_identity = new_context->bridge->tls_psk_identity;
new_context->tls_psk = new_context->bridge->tls_psk; new_context->tls_psk = new_context->bridge->tls_psk;
#endif #endif

@ -315,7 +315,7 @@ void config__cleanup(struct mosquitto__config *config)
#ifdef WITH_TLS #ifdef WITH_TLS
mosquitto__free(config->bridges[i].tls_version); mosquitto__free(config->bridges[i].tls_version);
mosquitto__free(config->bridges[i].tls_cafile); mosquitto__free(config->bridges[i].tls_cafile);
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
mosquitto__free(config->bridges[i].tls_psk_identity); mosquitto__free(config->bridges[i].tls_psk_identity);
mosquitto__free(config->bridges[i].tls_psk); mosquitto__free(config->bridges[i].tls_psk);
#endif #endif
@ -586,7 +586,7 @@ int config__read(struct mosquitto__config *config, bool reload)
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(config->bridges[i].tls_psk && !config->bridges[i].tls_psk_identity){ if(config->bridges[i].tls_psk && !config->bridges[i].tls_psk_identity){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration: missing bridge_identity.\n"); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration: missing bridge_identity.\n");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
@ -809,7 +809,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
@ -826,7 +826,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
@ -843,7 +843,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
@ -854,7 +854,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge and/or TLS support not available."); log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge and/or TLS support not available.");
#endif #endif
}else if(!strcmp(token, "bridge_identity")){ }else if(!strcmp(token, "bridge_identity")){
#if defined(WITH_BRIDGE) && defined(REAL_WITH_TLS_PSK) #if defined(WITH_BRIDGE) && defined(WITH_TLS_PSK)
if(reload) continue; // FIXME if(reload) continue; // FIXME
if(!cur_bridge){ if(!cur_bridge){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
@ -889,7 +889,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){ if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
@ -924,7 +924,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available."); log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
#endif #endif
}else if(!strcmp(token, "bridge_psk")){ }else if(!strcmp(token, "bridge_psk")){
#if defined(WITH_BRIDGE) && defined(REAL_WITH_TLS_PSK) #if defined(WITH_BRIDGE) && defined(WITH_TLS_PSK)
if(reload) continue; // FIXME if(reload) continue; // FIXME
if(!cur_bridge){ if(!cur_bridge){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
@ -1554,7 +1554,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty protocol value in configuration."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty protocol value in configuration.");
} }
}else if(!strcmp(token, "psk_file")){ }else if(!strcmp(token, "psk_file")){
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
conf__set_cur_security_options(config, cur_listener, &cur_security_options); conf__set_cur_security_options(config, cur_listener, &cur_security_options);
if(reload){ if(reload){
mosquitto__free(cur_security_options->psk_file); mosquitto__free(cur_security_options->psk_file);
@ -1565,7 +1565,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS/TLS-PSK support not available."); log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS/TLS-PSK support not available.");
#endif #endif
}else if(!strcmp(token, "psk_hint")){ }else if(!strcmp(token, "psk_hint")){
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(reload) continue; // Listeners not valid for reloading. if(reload) continue; // Listeners not valid for reloading.
if(conf__parse_string(&token, "psk_hint", &cur_listener->psk_hint, saveptr)) return MOSQ_ERR_INVAL; if(conf__parse_string(&token, "psk_hint", &cur_listener->psk_hint, saveptr)) return MOSQ_ERR_INVAL;
#else #else

@ -396,7 +396,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
rc = 1; rc = 1;
goto handle_connect_error; goto handle_connect_error;
} }
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
if(context->listener->psk_hint){ if(context->listener->psk_hint){
/* Client should have provided an identity to get this far. */ /* Client should have provided an identity to get this far. */
if(!context->username){ if(!context->username){
@ -405,7 +405,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
goto handle_connect_error; goto handle_connect_error;
} }
}else{ }else{
#endif /* REAL_WITH_TLS_PSK */ #endif /* WITH_TLS_PSK */
client_cert = SSL_get_peer_certificate(context->ssl); client_cert = SSL_get_peer_certificate(context->ssl);
if(!client_cert){ if(!client_cert){
send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD); send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
@ -451,9 +451,9 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
} }
X509_free(client_cert); X509_free(client_cert);
client_cert = NULL; client_cert = NULL;
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
} }
#endif /* REAL_WITH_TLS_PSK */ #endif /* WITH_TLS_PSK */
}else{ }else{
#endif /* WITH_TLS */ #endif /* WITH_TLS */
if(username_flag){ if(username_flag){

@ -458,7 +458,7 @@ struct mosquitto__bridge{
char *tls_certfile; char *tls_certfile;
char *tls_keyfile; char *tls_keyfile;
char *tls_version; char *tls_version;
# ifdef REAL_WITH_TLS_PSK # ifdef WITH_TLS_PSK
char *tls_psk_identity; char *tls_psk_identity;
char *tls_psk; char *tls_psk;
# endif # endif

@ -209,7 +209,7 @@ static int client_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)
} }
#endif #endif
#ifdef REAL_WITH_TLS_PSK #ifdef WITH_TLS_PSK
static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len)
{ {
struct mosquitto_db *db; struct mosquitto_db *db;
@ -266,13 +266,7 @@ static int mosquitto__tls_server_ctx(struct mosquitto__listener *listener)
int ssl_options = 0; int ssl_options = 0;
char buf[256]; char buf[256];
int rc; int rc;
#ifdef WITH_EC
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
EC_KEY *ecdh = NULL;
#endif
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
if(listener->tls_version == NULL){ if(listener->tls_version == NULL){
listener->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); listener->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
}else if(!strcmp(listener->tls_version, "tlsv1.2")){ }else if(!strcmp(listener->tls_version, "tlsv1.2")){
@ -282,9 +276,6 @@ static int mosquitto__tls_server_ctx(struct mosquitto__listener *listener)
}else if(!strcmp(listener->tls_version, "tlsv1")){ }else if(!strcmp(listener->tls_version, "tlsv1")){
listener->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); listener->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
} }
#else
listener->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
#endif
if(!listener->ssl_ctx){ if(!listener->ssl_ctx){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to create TLS context."); log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to create TLS context.");
return 1; return 1;
@ -310,15 +301,6 @@ static int mosquitto__tls_server_ctx(struct mosquitto__listener *listener)
#ifdef WITH_EC #ifdef WITH_EC
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1); SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
#elif OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if(!ecdh){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to create TLS ECDH curve.");
return 1;
}
SSL_CTX_set_tmp_ecdh(listener->ssl_ctx, ecdh);
EC_KEY_free(ecdh);
#endif
#endif #endif
snprintf(buf, 256, "mosquitto-%d", listener->port); snprintf(buf, 256, "mosquitto-%d", listener->port);
@ -485,7 +467,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK); X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
} }
# ifdef REAL_WITH_TLS_PSK # ifdef WITH_TLS_PSK
}else if(listener->psk_hint){ }else if(listener->psk_hint){
if(tls_ex_index_context == -1){ if(tls_ex_index_context == -1){
tls_ex_index_context = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL); tls_ex_index_context = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
@ -507,7 +489,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
return 1; return 1;
} }
} }
# endif /* REAL_WITH_TLS_PSK */ # endif /* WITH_TLS_PSK */
} }
#endif /* WITH_TLS */ #endif /* WITH_TLS */
return 0; return 0;
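Review bot: In mosquitto__tls_server_ctx the `tls_version` chain now ends at the `"tlsv1"` branch with no final `else`, so an unrecognised value never calls `SSL_CTX_new`. The `if(!listener->ssl_ctx)` check that follows then either reports the misleading "Unable to create TLS context." or, if `ssl_ctx` was already set by an earlier call, passes with the old context. The lines before the chain are outside the hunk, so this depends on how `ssl_ctx` is initialised and on whether the config parser already restricts `tls_version`. The client-side code being removed rejected unknown values explicitly, and the server side should do the same: `}else{ log__printf(NULL, MOSQ_LOG_ERR, "Error: Protocol %s not supported.", listener->tls_version); return 1; }`.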

@ -9,10 +9,6 @@ if sys.version < '2.7':
print("WARNING: SSL not supported on Python 2.6") print("WARNING: SSL not supported on Python 2.6")
exit(0) exit(0)
if ssl.OPENSSL_VERSION_NUMBER < 0x10000000:
print("WARNING: TLS-PSK not supported on OpenSSL < 1.0")
exit(0)
import inspect, os import inspect, os
# From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder # From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder

@ -8,10 +8,6 @@ if sys.version < '2.7':
print("WARNING: SSL not supported on Python 2.6") print("WARNING: SSL not supported on Python 2.6")
exit(0) exit(0)
if ssl.OPENSSL_VERSION_NUMBER < 0x10000000:
print("WARNING: TLS-PSK not supported on OpenSSL < 1.0")
exit(0)
import inspect, os import inspect, os
# From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder # From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder
