Don't ask for client cert when require_certificate is false.

pull/211/merge
Roger A. Light 11 years ago
parent ac00949793
commit 43556537e3

@ -43,6 +43,9 @@ Broker:
- Add support for use_username_as_clientid which can be used with - Add support for use_username_as_clientid which can be used with
authentication to restrict ownership of client ids and hence prevent one authentication to restrict ownership of client ids and hence prevent one
client disconnecting another by using the same client id. client disconnecting another by using the same client id.
- When "require_certificate" was false, the broker was incorrectly asking for
a certificate (but not checking it). This caused problems with some clients
and has been fixed so the broker no longer asks.
Clients: Clients:
- Both clients can now load default configuration options from a file. - Both clients can now load default configuration options from a file.

@ -425,7 +425,7 @@ int mqtt3_socket_listen(struct _mqtt3_listener *listener)
if(listener->require_certificate){ if(listener->require_certificate){
SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, client_certificate_verify); SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, client_certificate_verify);
}else{ }else{
SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER, client_certificate_verify); SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_NONE, client_certificate_verify);
} }
rc = SSL_CTX_use_certificate_chain_file(listener->ssl_ctx, listener->certfile); rc = SSL_CTX_use_certificate_chain_file(listener->ssl_ctx, listener->certfile);
if(rc != 1){ if(rc != 1){
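Review bot: The else branch still passes client_certificate_verify alongside SSL_VERIFY_NONE, but in server mode SSL_VERIFY_NONE means no certificate request is sent, so the callback is never invoked on this path. Passing NULL, as in "SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_NONE, NULL);", would make it clear that no verification happens here. A one-line comment on the else branch stating that client certificates are intentionally neither requested nor checked when require_certificate is false would also help prevent someone from restoring SSL_VERIFY_PEER later.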
