This allows a big swath of ifdefs to be removed. It also means savings as the db var is not passed around all of the time, and makes it easier to remove the final broker call to mosquitto_time() call in packet_mosq.c. In one test this reduced the calls to mosquitto_time() from 295k to 48k.
Reason: There is no check that the mosquitto__malloc at line 162 was sucessfull.
This could result to a Null pointer dereference in the memcpy call at line 166.
Fix: I added the check.
Signed-off-by: Panagiotis Vasilikos <panagiotis.vasilikos@alexandra.dk>
This change means that users with the appropriate security permissions
can open the log file for reading at the same time that it is being
written.
Closes#515.
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.
The TPM engine for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]
By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.
Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.
This commit adds support for both clients (libmosquitto) and broker.
[1] https://goo.gl/qQoXBY
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
Incorrect psk will be provided by psk_server_callback() because leading zero
is skipped by BN_bn2bin() and BN_num_bytes().
Signed-off-by: Aska.Wu <askawu@gmail.com>
Roger A. Light
Panagiotis Vasilikos
Nicolás Pernas Maradei
Aska.Wu