From 56ba1b99dba784b2bf4963482828d1d3881ca768 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Thu, 10 Sep 2020 15:50:47 +0100
Subject: [PATCH] Add `mosquitto_ssl_get()`. This allow clients to access their SSL structure and perform additional verification.
---
 ChangeLog.txt | 2 ++
 lib/linker.version | 1 +
 lib/mosquitto.h | 17 +++++++++++++++++
 lib/net_mosq.c | 11 +++++++++++
 4 files changed, 31 insertions(+)
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 8049484f..862271b9 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -37,6 +37,8 @@ Client library:
 setting the retain bit.
 - Added MOSQ_OPT_TCP_NODELAY, to allow disabling Nagle's algorithm on client sockets. Closes #1526.
+- Add `mosquitto_ssl_get()` to allow clients to access their SSL structure and
+ perform additional verification.
 Clients:
 - Add timeout return code (27) for `mosquitto_sub -W ` and
diff --git a/lib/linker.version b/lib/linker.version
index ea9bd04b..67902fc6 100644
--- a/lib/linker.version
+++ b/lib/linker.version
@@ -138,4 +138,5 @@ MOSQ_1.7 {
 mosquitto_property_identifier;
 mosquitto_property_identifier_to_string;
 mosquitto_property_next;
+ mosquitto_ssl_get;
 } MOSQ_1.6;
diff --git a/lib/mosquitto.h b/lib/mosquitto.h
index 2d770046..be1b8333 100644
--- a/lib/mosquitto.h
+++ b/lib/mosquitto.h
@@ -1743,6 +1743,23 @@ libmosq_EXPORT int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs,
 libmosq_EXPORT int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers);
+/*
+ * Function: mosquitto_ssl_get
+ *
+ * Retrieve a pointer to the SSL structure used for TLS connections in this
+ * client. This can be used in e.g. the connect callback to carry out
+ * additional verification steps.
+ *
+ * Parameters:
+ * mosq - a valid mosquitto instance
+ *
+ * Returns:
+ * A valid pointer to an openssl SSL structure - if the client is using TLS.
+ * NULL - if the client is not using TLS, or TLS support is not compiled in.
+ */
+libmosq_EXPORT void *mosquitto_ssl_get(struct mosquitto *mosq);
+
+
 /* ======================================================================
 *
 * Section: Callbacks
diff --git a/lib/net_mosq.c b/lib/net_mosq.c
index 72e7b096..6dbe8992 100644
--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@@ -1174,3 +1174,14 @@ int net__socketpair(mosq_sock_t *pairR, mosq_sock_t *pairW)
 #endif
 }
 #endif
+
+#ifndef WITH_BROKER
+void *mosquitto_ssl_get(struct mosquitto *mosq)
+{
+#ifdef WITH_TLS
+ return mosq->ssl;
+#else
+ return NULL;
+#endif
+}
+#endif
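Review bot: The new comment for `mosquitto_ssl_get` in lib/mosquitto.h says nothing about who owns the returned pointer or how long it stays valid, and it recommends the connect callback without saying what has already happened by then. Callers receive a raw `void *` that they must cast to `SSL *`, so the comment should add something like `The pointer is owned by the library: do not free it or perform I/O on it, and do not keep it after the connection is closed.` If the connect callback fires only once the broker's CONNACK has arrived (the usual MQTT flow, not visible in this hunk), a check done there runs after the TLS handshake and after the CONNECT packet with its credentials was sent, so it can only disconnect after the fact. A sentence stating that would stop callers from treating the callback as a gate that runs before authentication data leaves the client.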
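Review bot: `mosquitto_ssl_get` in lib/net_mosq.c dereferences `mosq` with no NULL check, so a NULL handle crashes inside the library instead of yielding the NULL the header documents for the no-TLS case. Make the first statement of the body `if(!mosq) return NULL;`, placed before the `#ifdef WITH_TLS` so both build variants behave the same. The read of `mosq->ssl` is also unlocked; whether that matters depends on how the network thread replaces the SSL object on reconnect, which this hunk does not show.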