mosquitto_ctrl changes automatically to TLS mode if you use port 8883 like mosquitto_* clients #2541 #3157

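--- a/apps/mosquitto_ctrl/client.c
+++ b/apps/mosquitto_ctrl/client.c
@@ -127,7 +127,11 @@ int client_request_response(struct mosq_ctrl *ctrl)
 int rc;
 time_t start;
 
-if(ctrl->cfg.cafile == NULL && ctrl->cfg.capath == NULL){
+if(ctrl->cfg.cafile == NULL && ctrl->cfg.capath == NULL && !ctrl->cfg.tls_use_os_certs && ctrl->cfg.port != 8883
+# ifdef FINAL_WITH_TLS_PSK
+&& !ctrl->cfg.psk
+# endif
+){
 fprintf(stderr, "Warning: You are running mosquitto_ctrl without encryption.\nThis means all of the configuration changes you are making are visible on the network, including passwords.\n\n");
 }
 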
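Review bot: The plaintext warning is now skipped purely because `ctrl->cfg.port != 8883` is false, but whether TLS is actually turned on for port 8883 is decided by a separate condition in `client_opts_set()` in options.c; the two conditions have to be kept in sync by hand and nothing in this hunk says so. A comment above the condition such as `/* port 8883 implies TLS via the OS CA store, see client_opts_set() in options.c */` and a named constant for 8883 (it is now written out here and twice in options.c) would make that coupling visible. The check also treats `tls_use_os_certs` as proof of encryption, which only holds if the option is later applied successfully. client_request_response's body continues outside the hunk.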
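--- a/apps/mosquitto_ctrl/mosquitto_ctrl.h
+++ b/apps/mosquitto_ctrl/mosquitto_ctrl.h
@@ -51,6 +51,7 @@ struct mosq_config {
 char *tls_engine;
 char *tls_engine_kpass_sha1;
 char *keyform;
+bool tls_use_os_certs;
 # ifdef FINAL_WITH_TLS_PSK
 char *psk;
 char *psk_identity;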
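Review bot: `bool tls_use_os_certs;` relies on `<stdbool.h>` being included by this header or before it; the visible neighbours are all `char *` members, so if the header does not already use `bool` elsewhere the include may be missing (the top of the file is outside the hunk). A short comment would also record where the flag comes from, e.g. `bool tls_use_os_certs; /* --tls-use-os-certs, or implied by -L mqtts:// */`. The struct continues outside the hunk.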
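--- a/apps/mosquitto_ctrl/options.c
+++ b/apps/mosquitto_ctrl/options.c
@@ -247,6 +247,7 @@ static int client_config_line_proc(struct mosq_config *cfg, int *argc, char **ar
 } else if(!strncasecmp(url, "mqtts://", 8)) {
 url += 8;
 cfg->port = 8883;
+cfg->tls_use_os_certs = true;
 } else {
 fprintf(stderr, "Error: unsupported URL scheme.\n\n");
 return 1;
@@ -388,6 +389,8 @@ static int client_config_line_proc(struct mosq_config *cfg, int *argc, char **ar
 }
 argv++;
 (*argc)--;
+}else if(!strcmp(argv[0], "--tls-use-os-certs")){
+cfg->tls_use_os_certs = true;
 }else if(!strcmp(argv[0], "--tls-version")){
 if((*argc) == 1){
 fprintf(stderr, "Error: --tls-version argument given but no version specified.\n\n");
@@ -609,7 +612,21 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
 mosquitto_lib_cleanup();
 return 1;
 }
-}
+# ifdef FINAL_WITH_TLS_PSK
+}else if (cfg->psk){
+if(mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
+fprintf(stderr, "Error: Problem setting TLS-PSK options.\n");
+mosquitto_lib_cleanup();
+return 1;
+}
+# endif
+}else if(cfg->port == 8883){
+mosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1);
+}
+if(cfg->tls_use_os_certs){
+mosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1);
+}
+
 if(cfg->insecure && mosquitto_tls_insecure_set(mosq, true)){
 fprintf(stderr, "Error: Problem setting TLS insecure option.\n");
 mosquitto_lib_cleanup();
@@ -630,13 +647,6 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
 mosquitto_lib_cleanup();
 return 1;
 }
-# ifdef FINAL_WITH_TLS_PSK
-if(cfg->psk && mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
-fprintf(stderr, "Error: Problem setting TLS-PSK options.\n");
-mosquitto_lib_cleanup();
-return 1;
-}
-# endif
 if((cfg->tls_version || cfg->ciphers) && mosquitto_tls_opts_set(mosq, 1, cfg->tls_version, cfg->ciphers)){
 fprintf(stderr, "Error: Problem setting TLS options, check the options are valid.\n");
 mosquitto_lib_cleanup();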
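Review bot: Both new `mosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1);` calls in the client_opts_set hunk discard the return value, while every other TLS setup call around them reports a failure and returns 1. Because client.c now suppresses the plaintext warning whenever the port is 8883, a failure here (for instance a libmosquitto built without TLS support) would leave the connection unencrypted with no message at all. The two call sites can also be folded into one by letting the port-8883 branch set `cfg->tls_use_os_certs = true;` and guarding the single remaining call, as below. Separately, `}else if (cfg->psk){` now chains off the branch whose header is above the hunk (presumably the cafile/capath check), so `--psk` given together with `--cafile` is silently ignored where the removed block applied it unconditionally; if that is intended, a comment saying so would help. The enclosing function continues outside the hunk.
```c
	}else if(cfg->port == 8883){
		/* Port 8883 with no explicit trust anchors: fall back to the OS CA store. */
		cfg->tls_use_os_certs = true;
	}
	if(cfg->tls_use_os_certs && mosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1)){
		fprintf(stderr, "Error: Problem setting TLS use-os-certs option.\n");
		mosquitto_lib_cleanup();
		return 1;
	}
	/* … unchanged: insecure / tls-version / ciphers handling … */
```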
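--- a/man/mosquitto_ctrl.1.xml
+++ b/man/mosquitto_ctrl.1.xml
@@ -65,6 +65,7 @@
 <arg choice='plain'><option>--psk</option> <replaceable>hex-key</replaceable></arg>
 <arg choice='plain'><option>--psk-identity</option> <replaceable>identity</replaceable></arg>
 <arg><option>--ciphers</option> <replaceable>ciphers</replaceable></arg>
+<arg><option>--tls-use-os-certs</option></arg>
 <arg><option>--tls-version</option> <replaceable>version</replaceable></arg>
 </arg>
 </group>
@@ -441,6 +442,20 @@
 <para>See also <option>--tls-engine</option>.</para>
 </listitem>
 </varlistentry>
+<varlistentry>
+<term><option>--tls-use-os-certs</option></term>
+<listitem>
+<para>
+If used, this will load and trust the OS provided CA
+certificates. This can be used in conjunction with
+<option>--cafile</option> and <option>--capath</option>
+and can be used on its own to enable TLS mode. This
+will be set by default if <option>-L mqtts://...</option>
+is used, or if port is 8883 and no other certificate
+options are used.
+</para>
+</listitem>
+</varlistentry>
 <varlistentry>
 <term><option>--tls-version</option></term>
 <listitem>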