This disables all TLS options for that instance. This is useful for
negating TLS options provided in a config file, or to disable the
automatic use of TLS when using port 8883.
Closes#2180. Thanks to Elliott Balsley.
If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect
that the pipe has closed and disconnect.
Closes#2164. Thanks to Frantisek Fuka.
- Add `MOSQ_OPT_TLS_USE_OS_CERTS` option, to instruct the client to load and trust OS provided CA certificates for use with TLS connections.
- All clients now load OS provided CA certificates if used with `-L
mqtts://...`, or if port is set to 8883 and no other CA certificates are
used. Closes#1824.
- Add the `--tls-use-os-certs` option to all clients.
Closes#1824. Thanks to Jens Reimann.
This means `--remove-retained -t bbc/# -T bbc/one/#` would remove all
retained messages in `bbc/#`, instead of leaving all of the topics in
`bbc/one/#`.
Closes#1585. Thanks to Simon Moser.
the `memset(&cfg, 0, sizeof(struct mosq_config));` already exsits in
`client_config_load()`'s `init_config()` function call.
So calling it in main function is totally unnecessary.
Signed-off-by: YangHau <vulxj0j8j8@gmail.com>
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.
The TPM engine for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]
By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.
Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.
This commit adds support for both clients (libmosquitto) and broker.
[1] https://goo.gl/qQoXBY
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
Roger A. Light
Basavesh Shivakumar
Abilio Marques
YangHau
Nicolás Pernas Maradei