mirror of https://git.rwth-aachen.de/acs/public/villas/node/ synced 2025-03-09 00:00:00 +01:00

mqtt: Add tls extra options

Manuel Pitz 2021-11-09 17:11:51 +01:00 committed by Steffen Vogel
parent 7411711688
commit 278290e015
2 changed files with 25 additions and 8 deletions


@ -54,12 +54,16 @@ struct mqtt {
char *subscribe; /**< Subscribe topic. */
struct {
int enabled; /**< Enable SSL encrypted connection to broker. */
int insecure; /**< Allow insecure SSL connections. */
char *cafile; /**< SSL CA file. */
char *capath; /**< SSL CA path. */
char *certfile; /**< SSL certificate. */
char *keyfile; /**< SSL private key. */
int enabled; /**< Enable SSL encrypted connection to broker. */
int insecure; /**< Allow insecure SSL connections. */
char *cafile; /**< SSL CA file. */
char *capath; /**< SSL CA path. */
char *certfile; /**< SSL certificate. */
char *keyfile; /**< SSL private key. */
int cert_reqs; /**< SSL_VERIFY_NONE(0) or SSL_VERIFY_PEER(1) */
char *tls_version; /**< SSL tls verion */
char *ciphers; /**< SSL chipher list. */
} ssl;
villas::node::Format *formatter;
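Review bot: The comments on the three new `ssl` fields do not say which values are accepted or what an unset value means, and two contain typos (`verion`, `chipher`). Since `cert_reqs` decides whether the broker certificate is checked, I would spell that out: `/**< Peer verification mode passed to mosquitto_tls_opts_set(): SSL_VERIFY_NONE (0) disables broker certificate checks, SSL_VERIFY_PEER (1) enforces them. */`. For the other two, `/**< TLS protocol version string for mosquitto_tls_opts_set(); nullptr selects the library default. */` and `/**< OpenSSL cipher list string; nullptr selects the library default. */` would do. The struct continues outside the hunk.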


@ -210,6 +210,9 @@ int mqtt_init(struct vnode *n)
m->ssl.capath = nullptr;
m->ssl.certfile = nullptr;
m->ssl.keyfile = nullptr;
m->ssl.cert_reqs = SSL_VERIFY_PEER;
m->ssl.tls_version = nullptr;
m->ssl.ciphers = nullptr;
return 0;
@ -268,14 +271,19 @@ int mqtt_parse(struct vnode *n, json_t *json)
const char *capath = nullptr;
const char *certfile = nullptr;
const char *keyfile = nullptr;
const char *tls_version = nullptr;
const char *ciphers = nullptr;
ret = json_unpack_ex(json_ssl, &err, 0, "{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s }",
ret = json_unpack_ex(json_ssl, &err, 0, "{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s, s?: s, s?: b}",
"enabled", &m->ssl.enabled,
"insecure", &m->ssl.insecure,
"cafile", &cafile,
"capath", &capath,
"certfile", &certfile,
"keyfile", &keyfile
"keyfile", &keyfile,
"cipher", &ciphers,
"verify", &m->ssl.cert_reqs,
"tls_version", &tls_version
);
if (ret)
throw ConfigError(json_ssl, err, "node-config-node-mqtt-ssl", "Failed to parse SSL configuration of node {}", *n);
@ -287,6 +295,7 @@ int mqtt_parse(struct vnode *n, json_t *json)
m->ssl.capath = capath ? strdup(capath) : nullptr;
m->ssl.certfile = certfile ? strdup(certfile) : nullptr;
m->ssl.keyfile = keyfile ? strdup(keyfile) : nullptr;
m->ssl.ciphers = ciphers ? strdup(ciphers) : nullptr;
}
/* Format */
@ -408,6 +417,10 @@ int mqtt_start(struct vnode *n)
ret = mosquitto_tls_insecure_set(m->client, m->ssl.insecure);
if (ret != MOSQ_ERR_SUCCESS)
goto mosquitto_error;
ret = mosquitto_tls_opts_set(m->client, m->ssl.cert_reqs, m->ssl.tls_version, m->ssl.ciphers);
if (ret != MOSQ_ERR_SUCCESS)
goto mosquitto_error;
}
ret = mosquitto_connect(m->client, m->host, m->port, m->keepalive);
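Review bot: The `tls_version` option never reaches the client: the new `json_unpack_ex` format string in mqtt_parse has eight specifiers for nine key/target pairs, so the trailing `"tls_version", &tls_version` pair is not consumed, and the assignment block only gains the `m->ssl.ciphers = ...` line. As written, `m->ssl.tls_version` keeps the `nullptr` set in mqtt_init, so `mosquitto_tls_opts_set()` in mqtt_start always uses the library's default protocol selection and a configured TLS version is silently ignored. I would end the format string with `s?: s, s?: b, s?: s }` and add `m->ssl.tls_version = tls_version ? strdup(tls_version) : nullptr;` next to the ciphers line. The matching `free()` calls for the two new strings belong in the destroy path, which is not visible in this diff. The function bodies continue outside the hunks.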