committed by
Roger Light
parent
6edc3fb6a7
commit
695df7719d
@@ -14,6 +14,9 @@
|
||||
- Fix incorrect linking of libmosquitto_common.so for the acl and password
|
||||
file plugins. Closes #3460.
|
||||
|
||||
# Build
|
||||
- Fix building with WITH_TLS=no
|
||||
|
||||
|
||||
2.1.0 - 2026-01-29
|
||||
==================
|
||||
|
||||
@@ -104,11 +104,15 @@ void json_add_base_msg(struct P_base_msg *chunk)
|
||||
cJSON_AddStringToObject(j_base_msg, "username", chunk->source.username);
|
||||
}
|
||||
if(chunk->F.payloadlen > 0){
|
||||
#ifdef WITH_TLS
|
||||
char *payload;
|
||||
if(mosquitto_base64_encode(chunk->payload, chunk->F.payloadlen, &payload) == MOSQ_ERR_SUCCESS){
|
||||
cJSON_AddStringToObject(j_base_msg, "payload", payload);
|
||||
mosquitto_free(payload);
|
||||
}
|
||||
#else
|
||||
fprintf(stderr, "Warning: payload not output due to missing base64 support.\n");
|
||||
#endif
|
||||
}
|
||||
if(chunk->properties){
|
||||
cJSON *j_props = mosquitto_properties_to_json(chunk->properties);
|
||||
|
||||
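Review bot: The `#else` branch in json_add_base_msg prints its warning to stderr once for every message with a non-empty payload, and the JSON object itself gives no sign that a payload was dropped, so a consumer of the dump cannot tell an omitted payload from an absent one. Consider an in-band marker, for example `cJSON_AddBoolToObject(j_base_msg, "payload_omitted", true);` (the key name is only a suggestion), and gate the stderr line behind a `static bool warned` so it prints once per run. The WITH_TLS branch has a related gap: when mosquitto_base64_encode() does not return MOSQ_ERR_SUCCESS the payload is skipped with no diagnostic at all. The function starts and continues outside the hunk.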
@@ -19,7 +19,7 @@ build_variants = [
|
||||
'WITH_SYSTEMD',
|
||||
'WITH_SYS_TREE',
|
||||
'WITH_THREADING',
|
||||
#'WITH_TLS',
|
||||
'WITH_TLS',
|
||||
'WITH_TLS_PSK',
|
||||
'WITH_UNIX_SOCKETS',
|
||||
'WITH_WEBSOCKETS',
|
||||
|
||||
@@ -854,8 +854,10 @@ void bridge__cleanup(struct mosquitto *context)
|
||||
mosquitto_FREE(context->bridge->local_clientid);
|
||||
mosquitto_FREE(context->bridge->local_username);
|
||||
mosquitto_FREE(context->bridge->local_password);
|
||||
#ifdef WITH_TLS
|
||||
mosquitto_FREE(context->bridge->tls_certfile);
|
||||
mosquitto_FREE(context->bridge->tls_keyfile);
|
||||
#endif
|
||||
|
||||
if(context->bridge->remote_clientid != context->id){
|
||||
mosquitto_FREE(context->bridge->remote_clientid);
|
||||
|
||||
@@ -2978,6 +2978,7 @@ static int config__check_proxy(struct mosquitto__config *config)
|
||||
struct mosquitto__listener *l = &config->listeners[i];
|
||||
|
||||
if(l->enable_proxy_protocol == 2){
|
||||
#ifdef WITH_TLS
|
||||
if(l->use_subject_as_username){
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: use_subject_as_username cannot be used with `enable_proxy_protocol 2`.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
@@ -2987,6 +2988,7 @@ static int config__check_proxy(struct mosquitto__config *config)
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: certfile and keyfile cannot be used with `enable_proxy_protocol 2`.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1005,6 +1005,7 @@ static int handle_username_from_cert_options(struct mosquitto *context, char **u
|
||||
}else
|
||||
#endif /* WITH_TLS */
|
||||
{
|
||||
#ifdef WITH_TLS
|
||||
if(context->listener->use_identity_as_username && context->listener->require_certificate){
|
||||
mosquitto_FREE(*username);
|
||||
mosquitto_FREE(*password);
|
||||
@@ -1012,7 +1013,9 @@ static int handle_username_from_cert_options(struct mosquitto *context, char **u
|
||||
if(!context->username){
|
||||
return send__connack_bad_username_or_password_error(context, MOSQ_ERR_AUTH);
|
||||
}
|
||||
}else{
|
||||
}else
|
||||
#endif
|
||||
{
|
||||
/* FIXME - these ensure the mosquitto_clientid() and
|
||||
* mosquitto_client_username() functions work, but is hacky */
|
||||
context->username = *username;
|
||||
@@ -1076,12 +1079,14 @@ int handle__connect(struct mosquitto *context)
|
||||
goto handle_connect_error;
|
||||
}
|
||||
|
||||
#ifdef WITH_TLS
|
||||
if(context->in_packet.command == 0x16 && context->listener->ssl_ctx == NULL){ /* 0x16 is TLS handshake client hello */
|
||||
log__printf(NULL, MOSQ_LOG_NOTICE, "Client from %s:%d appears to be using TLS to connect to a non-TLS listener.",
|
||||
context->address, context->remote_port);
|
||||
rc = MOSQ_ERR_PROTOCOL;
|
||||
goto handle_connect_error;
|
||||
}
|
||||
#endif
|
||||
|
||||
rc = read_protocol_name(context, protocol_name);
|
||||
if(rc != MOSQ_ERR_SUCCESS){
|
||||
|
||||
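Review bot: Guarding the client-hello check in handle__connect with `#ifdef WITH_TLS` removes the diagnostic entirely from builds without TLS, which are the builds where every listener is plaintext and a TLS client connecting by mistake is most likely. Only the `context->listener->ssl_ctx == NULL` operand appears to need the guard; the `0x16` test and the notice do not. An `#else` branch that keeps the command test would preserve the log line and the MOSQ_ERR_PROTOCOL exit. How a 0x16 first byte is handled further down in a non-TLS build is not visible here, and the function begins and continues outside the hunk.

```c
#ifdef WITH_TLS
	/* … unchanged: 0x16 check against a listener whose ssl_ctx is NULL … */
#else
	/* No listener can speak TLS in this build, so a client hello is always a mismatch. */
	if(context->in_packet.command == 0x16){ /* 0x16 is TLS handshake client hello */
		log__printf(NULL, MOSQ_LOG_NOTICE, "Client from %s:%d appears to be using TLS to connect to a non-TLS listener.",
				context->address, context->remote_port);
		rc = MOSQ_ERR_PROTOCOL;
		goto handle_connect_error;
	}
#endif
```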
@@ -22,6 +22,7 @@ Contributors:
|
||||
|
||||
#include <assert.h>
|
||||
#include <errno.h>
|
||||
#include <limits.h>
|
||||
#include <microhttpd.h>
|
||||
#include <string.h>
|
||||
#include <sys/stat.h>
|
||||
@@ -210,8 +211,10 @@ static enum MHD_Result http_api__process_listeners(struct MHD_Connection *connec
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef WITH_TLS
|
||||
cJSON_AddBoolToObject(j_listener, "tls", listener->certfile && listener->keyfile);
|
||||
cJSON_AddBoolToObject(j_listener, "mtls", listener->require_certificate);
|
||||
#endif
|
||||
if(listener->security_options->allow_anonymous == -1){
|
||||
cJSON_AddBoolToObject(j_listener, "allow_anonymous", db.config->security_options.allow_anonymous);
|
||||
}else{
|
||||
@@ -462,6 +465,7 @@ int http_api__start(struct mosquitto__listener *listener)
|
||||
bind_address = listener->host;
|
||||
port = listener->port;
|
||||
|
||||
#ifdef WITH_TLS
|
||||
if(listener->certfile && listener->keyfile){
|
||||
if(mosquitto_read_file(listener->certfile, false, &x509_cert, NULL)){
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server certificate \"%s\". Check certfile.", listener->certfile);
|
||||
@@ -474,6 +478,7 @@ int http_api__start(struct mosquitto__listener *listener)
|
||||
}
|
||||
flags |= MHD_USE_TLS;
|
||||
}
|
||||
#endif
|
||||
|
||||
if(bind_address){
|
||||
char service[10];
|
||||
|
||||
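Review bot: With the `tls` and `mtls` keys in http_api__process_listeners now inside `#ifdef WITH_TLS`, a build without TLS omits both keys from each listener object instead of reporting them as false, so a client of the API has to interpret a missing key as "not encrypted". Emitting explicit values keeps the schema stable: add an `#else` followed by `cJSON_AddBoolToObject(j_listener, "tls", false);` and `cJSON_AddBoolToObject(j_listener, "mtls", false);`. In http_api__start the certificate-loading block is compiled out in the same way; the locals it fills (such as `x509_cert`) are declared outside the hunk, so it is worth checking that they do not become unused variables in the WITH_TLS=no build.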
@@ -116,16 +116,25 @@ static int read_tlv_ssl(struct mosquitto *context, uint16_t len, bool *have_cert
|
||||
|
||||
switch(tlv->type){
|
||||
case PP2_SUBTYPE_SSL_VERSION:
|
||||
#ifdef WITH_TLS
|
||||
mosquitto_free(context->proxy.tls_version);
|
||||
context->proxy.tls_version = mosquitto_strndup((const char *)&context->proxy.buf[context->proxy.pos], tlv_len);
|
||||
#else
|
||||
return MOSQ_ERR_NOT_SUPPORTED;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case PP2_SUBTYPE_SSL_CIPHER:
|
||||
#ifdef WITH_TLS
|
||||
mosquitto_free(context->proxy.cipher);
|
||||
context->proxy.cipher = mosquitto_strndup((const char *)&context->proxy.buf[context->proxy.pos], tlv_len);
|
||||
#else
|
||||
return MOSQ_ERR_NOT_SUPPORTED;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case PP2_SUBTYPE_SSL_CN:
|
||||
#ifdef WITH_TLS
|
||||
if(context->listener->use_identity_as_username){
|
||||
mosquitto_free(context->username);
|
||||
context->username = mosquitto_strndup((const char *)&context->proxy.buf[context->proxy.pos], tlv_len);
|
||||
@@ -133,6 +142,9 @@ static int read_tlv_ssl(struct mosquitto *context, uint16_t len, bool *have_cert
|
||||
return MOSQ_ERR_NOMEM;
|
||||
}
|
||||
}
|
||||
#else
|
||||
return MOSQ_ERR_NOT_SUPPORTED;
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
len = (uint16_t)(len - (sizeof(uint8_t) + sizeof(uint8_t) + sizeof(uint8_t) + tlv_len));
|
||||
@@ -299,6 +311,7 @@ int proxy_v2__read(struct mosquitto *context)
|
||||
return MOSQ_ERR_PROXY;
|
||||
}
|
||||
|
||||
#ifdef WITH_TLS
|
||||
if(context->listener->require_certificate){
|
||||
if(!have_certificate){
|
||||
log__printf(NULL, MOSQ_LOG_NOTICE, "Connection from %s:%d rejected, client did not provide a certificate.",
|
||||
@@ -312,6 +325,7 @@ int proxy_v2__read(struct mosquitto *context)
|
||||
log__printf(NULL, MOSQ_LOG_NOTICE, "Connection from %s:%d negotiated %s cipher %s",
|
||||
context->address, context->remote_port, context->proxy.tls_version, context->proxy.cipher);
|
||||
}
|
||||
#endif
|
||||
proxy_cleanup(context);
|
||||
|
||||
#if defined(WITH_WEBSOCKETS) && WITH_WEBSOCKETS == WS_IS_BUILTIN
|
||||
|
||||
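Review bot: In read_tlv_ssl the PP2_SUBTYPE_SSL_VERSION and PP2_SUBTYPE_SSL_CIPHER cases store the result of mosquitto_strndup() without checking it, whereas the PP2_SUBTYPE_SSL_CN case returns MOSQ_ERR_NOMEM on failure. Both strings are later passed to a `%s` in the "negotiated %s cipher %s" notice in proxy_v2__read, and the condition guarding that log call is outside the hunk. Adding `if(!context->proxy.tls_version) return MOSQ_ERR_NOMEM;` and the equivalent line for `cipher` would make the three cases consistent. Separately, the new `#else` branches fail the whole PROXY header with MOSQ_ERR_NOT_SUPPORTED whenever a non-TLS build receives an SSL sub-TLV. If that fail-closed choice is deliberate, a one-line comment such as `/* built without TLS: reject rather than silently ignore proxy-asserted TLS metadata */` on the first `#else` would record the intent.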