diff --git a/man/mosquitto.conf.5.xml b/man/mosquitto.conf.5.xml index a9097f6a..92f797f6 100644 --- a/man/mosquitto.conf.5.xml +++ b/man/mosquitto.conf.5.xml @@ -193,6 +193,9 @@ [ true | false ] + This option is deprecated and will be removed in a + future version. The behaviour will default to true. + If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# and foo/+/baz , then MQTT expects that when the broker receives a message on a @@ -364,6 +367,8 @@ prefix + This option is deprecated and will be removed in a + future version. If defined, only clients that have a clientid with a prefix that matches clientid_prefixes will be allowed to connect to the broker. For example, setting @@ -920,14 +925,6 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S Reloaded on reload signal. - - [ true | false ] - - This is a synonym of the - option. - Reloaded on reload signal. - - [ true | false ] @@ -1009,6 +1006,9 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S address + This option is deprecated and will be removed in a + future version. Use the instead. + Listen for incoming network connections on the specified IP address/hostname only. This is useful to restrict access to certain network interfaces. @@ -1146,6 +1146,9 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S port number + This option is deprecated and will be removed in a + future version. Use the instead. + Set the network port for the default listener to listen on. Defaults to 1883. Not reloaded on reload signal. diff --git a/mosquitto.conf b/mosquitto.conf index aec6e92f..57f0cef9 100644 --- a/mosquitto.conf +++ b/mosquitto.conf 
@@ -31,20 +31,6 @@ #per_listener_settings false -# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# -# and foo/+/baz , then MQTT expects that when the broker receives a message on -# a topic that matches both subscriptions, such as foo/bar/baz, then the client -# should only receive the message once. -# Mosquitto keeps track of which clients a message has been sent to in order to -# meet this requirement. The allow_duplicate_messages option allows this -# behaviour to be disabled, which may be useful if you have a large number of -# clients subscribed to the same set of topics and are very concerned about -# minimising memory usage. -# It can be safely set to true if you know in advance that your clients will -# never have overlapping subscriptions, otherwise your clients must be able to -# correctly deal with duplicate messages even when then have QoS=2. -#allow_duplicate_messages false - # This option controls whether a client is allowed to connect with a zero # length client id or not. This option only affects clients using MQTT v3.1.1 # and later. If set to false, clients connecting with a zero length client id 
@@ -200,167 +186,7 @@ #user mosquitto # ================================================================= -# Default listener -# ================================================================= - -# IP address/hostname to bind the default listener to. If not -# given, the default listener will not be bound to a specific -# address and so will be accessible to all network interfaces. -# bind_address ip-address/host name -#bind_address - -# Port to use for the default listener. -#port 1883 - -# Bind the listener to a specific interface. This is similar to -# bind_address above but is useful when an interface has multiple addresses or -# the address may change. It is valid to use this with the bind_address option, -# but take care that the interface you are binding to contains the address you -# are binding to, otherwise you will not be able to connect. -# Example: bind_interface eth0 -#bind_interface - -# When a listener is using the websockets protocol, it is possible to serve -# http data as well. Set http_dir to a directory which contains the files you -# wish to serve. If this option is not specified, then no normal http -# connections will be possible. -#http_dir - -# The maximum number of client connections to allow. This is -# a per listener setting. -# Default is -1, which means unlimited connections. -# Note that other process limits mean that unlimited connections -# are not really possible. Typically operating systems such as Linux set a -# default maximum number of connections possible at around 1024. If you require -# more connections than this, the operating system limit must be increased with -# something like `ulimit`. -#max_connections -1 - -# Choose the protocol to use when listening. -# This can be either mqtt or websockets. -# Websockets support is currently disabled by default at compile time. -# Certificate based TLS may be used with websockets, except that -# only the cafile, certfile, keyfile and ciphers options are supported. 
-#protocol mqtt - -# Set use_username_as_clientid to true to replace the clientid that a client -# connected with with its username. This allows authentication to be tied to -# the clientid, which means that it is possible to prevent one client -# disconnecting another by using the same clientid. -# If a client connects with no username it will be disconnected as not -# authorised when this option is set to true. -# Do not use in conjunction with clientid_prefixes. -# See also use_identity_as_username. -#use_username_as_clientid - -# ----------------------------------------------------------------- -# Certificate based SSL/TLS support -# ----------------------------------------------------------------- -# The following options can be used to enable SSL/TLS support for -# this listener. Note that the recommended port for MQTT over TLS -# is 8883, but this must be set manually. -# -# See also the mosquitto-tls man page. - -# At least one of cafile or capath must be defined. They both -# define methods of accessing the PEM encoded Certificate -# Authority certificates that have signed your server certificate -# and that you wish to trust. -# cafile defines the path to a file containing the CA certificates. -# capath defines a directory that will be searched for files -# containing the CA certificates. For capath to work correctly, the -# certificate files must have ".crt" as the file ending and you must run -# "openssl rehash " each time you add/remove a certificate. -#cafile -#capath - -# Path to the PEM encoded server certificate. -#certfile - -# Path to the PEM encoded keyfile. -#keyfile - - -# If you have require_certificate set to true, you can create a certificate -# revocation list file to revoke access to particular client certificates. If -# you have done this, use crlfile to point to the PEM encoded revocation file. -#crlfile - -# If you wish to control which encryption ciphers are used, use the ciphers -# option. 
The list of available ciphers can be obtained using the "openssl -# ciphers" command and should be provided in the same format as the output of -# that command. -# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH -#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH - -# To allow the use of ephemeral DH key exchange, which provides forward -# security, the listener must load DH parameters. This can be specified with -# the dhparamfile option. The dhparamfile can be generated with the command -# e.g. "openssl dhparam -out dhparam.pem 2048" -#dhparamfile - -# By default a TLS enabled listener will operate in a similar fashion to a -# https enabled web server, in that the server has a certificate signed by a CA -# and the client will verify that it is a trusted certificate. The overall aim -# is encryption of the network traffic. By setting require_certificate to true, -# the client must provide a valid certificate in order for the network -# connection to proceed. This allows access to the broker to be controlled -# outside of the mechanisms provided by MQTT. -#require_certificate false - -# This option defines the version of the TLS protocol to use for this listener. -# The default value allows all of v1.3, v1.2 and v1.1. The valid values are -# tlsv1.3 tlsv1.2 and tlsv1.1. -#tls_version - -# If require_certificate is true, you may set use_identity_as_username to true -# to use the CN value from the client certificate as a username. If this is -# true, the password_file option will not be used for this listener. -# This takes priority over use_subject_as_username. -# See also use_subject_as_username. -#use_identity_as_username false - -# If require_certificate is true, you may set use_subject_as_username to true -# to use the complete subject value from the client certificate as a username. -# If this is true, the password_file option will not be used for this listener. 
-# See also use_identity_as_username -#use_subject_as_username false - -# ----------------------------------------------------------------- -# Pre-shared-key based SSL/TLS support -# ----------------------------------------------------------------- -# The following options can be used to enable PSK based SSL/TLS support for -# this listener. Note that the recommended port for MQTT over TLS is 8883, but -# this must be set manually. -# -# See also the mosquitto-tls man page and the "Certificate based SSL/TLS -# support" section. Only one of certificate or PSK encryption support can be -# enabled for any listener. - -# The psk_hint option enables pre-shared-key support for this listener and also -# acts as an identifier for this listener. The hint is sent to clients and may -# be used locally to aid authentication. The hint is a free form string that -# doesn't have much meaning in itself, so feel free to be creative. -# If this option is provided, see psk_file to define the pre-shared keys to be -# used or create a security plugin to handle them. -#psk_hint - -# When using PSK, the encryption ciphers used will be chosen from the list of -# available PSK ciphers. If you want to control which ciphers are available, -# use the "ciphers" option. The list of available ciphers can be obtained -# using the "openssl ciphers" command and should be provided in the same format -# as the output of that command. -#ciphers - -# Set use_identity_as_username to have the psk identity sent by the client used -# as its username. Authentication will be carried out using the PSK rather than -# the MQTT username/password and so password_file will not be used for this -# listener. -#use_identity_as_username false - - -# ================================================================= -# Extra listeners +# Listeners # ================================================================= # Listen on a port/ip address combination. By using this variable 
diff --git a/src/conf.c b/src/conf.c index 131e98d8..aba8cb41 100644 --- a/src/conf.c +++ b/src/conf.c @@ -818,6 +818,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct conf__set_cur_security_options(config, cur_listener, &cur_security_options); if(conf__parse_bool(&token, "allow_anonymous", (bool *)&cur_security_options->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL; }else if(!strcmp(token, "allow_duplicate_messages")){ + log__printf(NULL, MOSQ_LOG_NOTICE, "The 'allow_duplicate_messages' option is now deprecated and will be removed in a future version. The behaviour will default to true."); if(conf__parse_bool(&token, "allow_duplicate_messages", &config->allow_duplicate_messages, saveptr)) return MOSQ_ERR_INVAL; }else if(!strcmp(token, "allow_zero_length_clientid")){ conf__set_cur_security_options(config, cur_listener, &cur_security_options); @@ -907,6 +908,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct }else if(!strcmp(token, "autosave_on_changes")){ if(conf__parse_bool(&token, "autosave_on_changes", &config->autosave_on_changes, saveptr)) return MOSQ_ERR_INVAL; }else if(!strcmp(token, "bind_address")){ + log__printf(NULL, MOSQ_LOG_NOTICE, "The 'bind_address' option is now deprecated and will be removed in a future version. The behaviour will default to true."); config->local_only = false; if(reload) continue; /* Listeners not valid for reloading. */ if(conf__parse_string(&token, "default listener bind_address", &config->default_listener.host, saveptr)) return MOSQ_ERR_INVAL; 
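Review bot: The notice added under the `bind_address` branch ends with "The behaviour will default to true.", which is carried over from the `allow_duplicate_messages` notice in the previous hunk and has no meaning for an address option. The man page change in this same commit tells users to switch to another option, and the `port` notice says "Please use 'listener' instead.", so the message here should match: `log__printf(NULL, MOSQ_LOG_NOTICE, "The 'bind_address' option is now deprecated and will be removed in a future version. Please use 'listener' instead.");`. This matters beyond wording, because `bind_address` is what confines the default listener to one interface, and an operator migrating off it needs to know where to carry that restriction. The body of config__read_file_core starts and ends outside this hunk.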
@@ -1187,6 +1189,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available."); #endif }else if(!strcmp(token, "clientid_prefixes")){ + log__printf(NULL, MOSQ_LOG_NOTICE, "The 'clientid_prefixes' option is now deprecated and will be removed in a future version."); if(reload){ mosquitto__free(config->clientid_prefixes); config->clientid_prefixes = NULL; @@ -1767,6 +1770,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct if(reload) continue; /* pid file not valid for reloading. */ if(conf__parse_string(&token, "pid_file", &config->pid_file, saveptr)) return MOSQ_ERR_INVAL; }else if(!strcmp(token, "port")){ + log__printf(NULL, MOSQ_LOG_NOTICE, "The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead."); config->local_only = false; if(reload) continue; /* Listeners not valid for reloading. */ if(config->default_listener.port){ @@ -1920,8 +1924,6 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty socket_domain value in configuration."); return MOSQ_ERR_INVAL; } - }else if(!strcmp(token, "store_clean_interval")){ - log__printf(NULL, MOSQ_LOG_WARNING, "Warning: store_clean_interval is no longer needed."); }else if(!strcmp(token, "sys_interval")){ if(conf__parse_int(&token, "sys_interval", &config->sys_interval, saveptr)) return MOSQ_ERR_INVAL; if(config->sys_interval < 0 || config->sys_interval > 65535){ 
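Review bot: The `clientid_prefixes` notice names no replacement, while the `port` notice in the next hunk ends with "Please use 'listener' instead.". This option restricts which clients may connect, so the log line leaves an operator without a pointer to what should take over that restriction. If a successor exists (none is visible in this diff), name it in the message; otherwise add a comment above the call such as `/* Deprecated with no direct replacement; restriction must move to ACLs or a plugin. */` once the intended path is confirmed. The call sits before the `if(reload)` check, so the notice is presumably logged again each time the file is re-read on a reload signal. config__read_file_core starts and ends outside the hunk.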
@@ -2121,11 +2123,6 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct #else log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Websockets support not available."); #endif - }else if(!strcmp(token, "trace_level") - || !strcmp(token, "ffdc_output") - || !strcmp(token, "max_log_entries") - || !strcmp(token, "trace_output")){ - log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Unsupported rsmb configuration option \"%s\".", token); }else{ log__printf(NULL, MOSQ_LOG_ERR, "Error: Unknown configuration variable \"%s\".", token); return MOSQ_ERR_INVAL;