Nicolás Pernas Maradei
20894fcbce
Add engine private key password support
...
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.
The TPM engine for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]
By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.
Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.
This commit adds support for both clients (libmosquitto) and broker.
[1] https://goo.gl/qQoXBY
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
7 years ago
Nicolás Pernas Maradei
f88cc06435
Add TLS engine and keyform support to libmosquitto
...
- Clients can now offload crypto tasks to an external crypto device through
the OpenSSL ENGINE API.
- The keyfiles can now be treated as PEM or ENGINE keys.
- Two new functions were added to libmosquitto to set up the previously
mentioned features.
- Both mosquitto_sub and mosquitto_pub include support to turn on the mentioned
features through command line options.
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
7 years ago
Roger A. Light
0a9ee5b4cf
Fix memory leak when reconnecting with TLS errors.
...
Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
errors were present.
Closes #592. Thanks to smartdabao and aaronovz1.
7 years ago
Fredrik Fornwall
915e91d9be
Fix build with OPENSSL_NO_ENGINE
...
Signed-off-by: Fredrik Fornwall <fredrik@fornwall.net>
7 years ago
Roger A. Light
0ec090f31a
Fixes for building on FreeBSD.
7 years ago
Roger A. Light
10b19a42ed
Fixes for building on NetBSD.
...
Closes #258.
Thanks to Daniel Ölschlegel.
7 years ago
Roger A. Light
c757cb0912
Remove incorrect comment.
7 years ago
Roger A. Light
e185d18917
Better fix for #851.
...
Ensure all sockets that are closed are set to INVALID_SOCKET.
Signed-off-by: Roger A. Light <roger@atchoo.org>
7 years ago
Roger A. Light
575dce91f0
Fix segfault on startup if bridge CA certificates could not be read.
...
Closes #851.
Thanks to chelliwell.
Signed-off-by: Roger A. Light <roger@atchoo.org>
7 years ago
Roger A. Light
4bacbecb1b
Fix some places where return codes were incorrect.
...
Closes #850.
Signed-off-by: Roger A. Light <roger@atchoo.org>
7 years ago
Roger A. Light
bcf76b9cb6
Remove use of AI_ADDRCONFIG.
...
Closes #869, #901.
Thanks to Alex Richman.
Signed-off-by: Roger A. Light <roger@atchoo.org>
7 years ago
Roger A. Light
286400abcf
Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX.
...
Closes #863.
Thanks to denigmus and Patrick TJ McPhee.
Signed-off-by: Roger A. Light <roger@atchoo.org>
7 years ago
Roger A. Light
e90a32835b
Merge branch 'fixes' into develop
8 years ago
Roger A. Light
6c7ecd7e97
Fix compiling without TLS.
8 years ago
Thomas Beckmann (M-Way)
ee610ab19a
_mosquitto_net_read must call WSASetLastError when changing errno so that the error code can be picked up by _mosquitto_packet_read
...
Signed-off-by: Thomas Beckmann (M-Way) <t.beckmann@mwaysolutions.com>
8 years ago
Roger A. Light
e961bc9301
Comment to aid init_ssl_ctx understanding.
8 years ago
Roger A. Light
b649799c78
Protect mosq->ssl_ctx against double initialisation.
8 years ago
Roger A. Light
943b311344
Don't use deprecated openssl functions.
8 years ago
Roger A. Light
24d68b5af8
Remove support for openssl 1.0.0 and 1.0.1.
...
These are no longer supported by openssl.
8 years ago
Roger A. Light
8470ca89b9
Add MOSQ_OPT_SSL_CTX and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS options.
...
Closes #567 and #715.
8 years ago
Roger A. Light
f4d238be18
Bump copyright years.
8 years ago
Thomas Beckmann (M-Way)
8e3c2d9af7
_mosquitto_net_read must call WSASetLastError when changing errno so that the error code can be picked up by _mosquitto_packet_read
...
Signed-off-by: Thomas Beckmann (M-Way) <t.beckmann@mwaysolutions.com>
8 years ago
Viktor Gotwig
e90afb8526
Adding tls host name extension (SNI)
...
Signed-off-by: Viktor Gotwig <viktor.gotwig@q-loud.de>
8 years ago
Roger A. Light
81cb7ab547
Merge branch 'fixes' into develop
8 years ago
JonoJensen
7d8d04bc39
Fix issue when SSL_connect() returns SSL_ERROR_WANT_READ. A call to SSL_write here will later transmit a new client hello and make ssl connection fail.
...
Signed-off-by: JonoJensen <jono.jensen@yahoo.se>
8 years ago
Roger A. Light
b193918ca0
[649] Don't close socket again if nonblock fails.
...
Thanks to Edwin van den Oetelaar.
Bug: https://github.com/eclipse/mosquitto/issues/649
8 years ago
Roger A. Light
124ee1af91
[490] Further fix for auth related crashes.
...
Bug: https://github.com/eclipse/mosquitto/issues/490
8 years ago
Roger A. Light
22063013be
[490] Fix auth plugin+WS client+MOSQ_ERR_AUTH related crash.
...
Thanks to "hasunperera".
Bug: https://github.com/eclipse/mosquitto/issues/490
8 years ago
Roger A. Light
e74203de2c
Merge branch 'master' into develop
8 years ago
Jan Lukavsky
621f18d696
#419 Broker sometimes kills connection to client
...
Signed-off-by: Jan Lukavsky <je.ik@seznam.cz>
8 years ago
Roger A. Light
b61fefcf08
Merge branch 'master' into develop
8 years ago
Jelle van der Waa
ab266e7f5f
lib: fix OpenSSL 1.1 deprecation warning for ERR_remove_state
...
ERR_remove_state has been marked deprecated in OpenSSL 1.1.0 and does
nothing, as the OpenSSL libraries now normally do all thread
initialization and deinitialisation automatically.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
9 years ago
Roger A. Light
91b308a11d
Merge branch 'master' into develop
9 years ago
Roger A. Light
ac981782db
Fix typo and use net__print_ssl_error() as available.
9 years ago
Jiří Pinkava
cd0985c3e2
Log more TLS error details
...
Signed-off-by: Jiří Pinkava <j-pi@seznam.cz>
9 years ago
Roger A. Light
433ee5c4d6
[344] Don't compile in async dns support by default for makefiles.
9 years ago
Roger A. Light
6f45ab9624
[344] Only do async dns on glibc.
9 years ago
Roger A. Light
5eae4b56d6
[344] More leak fixes.
9 years ago
Roger A. Light
e13af18ed9
Start of fix for [344].
9 years ago
Roger A. Light
98ea684906
[323] Allow outgoing IPv6 connections to use TLS.
...
Bug: https://github.com/eclipse/mosquitto/issues/323
9 years ago
Roger A. Light
f0485d1398
[344] Don't compile in async dns support by default for makefiles.
9 years ago
Roger A. Light
3d40ffe18b
[344] Only do async dns on glibc.
9 years ago
Roger A. Light
ee543a25f5
[344] More leak fixes.
9 years ago
Roger A. Light
ef7a230365
Start of fix for [344].
9 years ago
Roger A. Light
6f7a0bff4b
[323] Allow outgoing IPv6 connections to use TLS.
...
Bug: https://github.com/eclipse/mosquitto/issues/323
9 years ago
Roger A. Light
017db6706f
Rename mosquitto_broker.h -> mosquitto_broker_internal.h
9 years ago
Roger A. Light
8378fe44cf
Update copyrights.
9 years ago
Roger A. Light
1c3988a397
Merge branch 'master' into develop
9 years ago
Roger A. Light
e8185ddaa7
[166] Don't cancel external threads.
...
libmosquitto shouldn't cancel threads it didn't create. This change
allows us to keep track of whether threads were created by the library
or by external code.
Thanks to Josip Ćavar.
Bug: https://github.com/eclipse/mosquitto/issues/166
10 years ago
Roger A. Light
c6ef86bd1f
Print openssl errors when debugging enabled.
10 years ago