diff --git a/include/villas/nodes/mqtt.hpp b/include/villas/nodes/mqtt.hpp
index 75a4ee2f3..261e35f9f 100644
--- a/include/villas/nodes/mqtt.hpp
+++ b/include/villas/nodes/mqtt.hpp
@@ -54,12 +54,16 @@ struct mqtt {
 char *subscribe; /**< Subscribe topic. */
 struct {
- int enabled; /**< Enable SSL encrypted connection to broker. */
- int insecure; /**< Allow insecure SSL connections. */
- char *cafile; /**< SSL CA file. */
- char *capath; /**< SSL CA path. */
- char *certfile; /**< SSL certificate. */
- char *keyfile; /**< SSL private key. */
+ int enabled; /**< Enable SSL encrypted connection to broker. */
+ int insecure; /**< Allow insecure SSL connections. */
+ char *cafile; /**< SSL CA file. */
+ char *capath; /**< SSL CA path. */
+ char *certfile; /**< SSL certificate. */
+ char *keyfile; /**< SSL private key. */
+ int cert_reqs; /**< SSL_VERIFY_NONE(0) or SSL_VERIFY_PEER(1) */
+ char *tls_version; /**< SSL tls verion */
+ char *ciphers; /**< SSL chipher list. */
+ } ssl;
 villas::node::Format *formatter;
diff --git a/lib/nodes/mqtt.cpp b/lib/nodes/mqtt.cpp
index 600f55b7a..6f166b2ed 100644
--- a/lib/nodes/mqtt.cpp
+++ b/lib/nodes/mqtt.cpp
@@ -210,6 +210,9 @@ int mqtt_init(struct vnode *n)
 m->ssl.capath = nullptr;
 m->ssl.certfile = nullptr;
 m->ssl.keyfile = nullptr;
+ m->ssl.cert_reqs = SSL_VERIFY_PEER;
+ m->ssl.tls_version = nullptr;
+ m->ssl.ciphers = nullptr;
 return 0;
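Review bot: The Doxygen comments on the three new `ssl` members in mqtt.hpp are misspelled ("tls verion", "chipher") and the one on `cert_reqs` does not say what the two values mean for the connection, which is the security-relevant part. Suggest `/**< Broker certificate verification: SSL_VERIFY_NONE (0) skips it entirely, SSL_VERIFY_PEER (1) requires a valid chain against cafile/capath. */`, `/**< TLS protocol version string handed to mosquitto_tls_opts_set(); nullptr selects the library default. */` and `/**< SSL cipher list; nullptr selects the library default. */`. The JSON keys that populate these members (`verify`, `tls_version`, `cipher`, per the mqtt.cpp hunks in this commit) could be named in the comments too, so the header and the parser do not drift apart; the `cipher` key versus the `ciphers` member is already one such mismatch.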
@@ -268,14 +271,19 @@ int mqtt_parse(struct vnode *n, json_t *json)
 const char *capath = nullptr;
 const char *certfile = nullptr;
 const char *keyfile = nullptr;
+ const char *tls_version = nullptr;
+ const char *ciphers = nullptr;
- ret = json_unpack_ex(json_ssl, &err, 0, "{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s }",
+ ret = json_unpack_ex(json_ssl, &err, 0, "{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s, s?: s, s?: b}",
 "enabled", &m->ssl.enabled,
 "insecure", &m->ssl.insecure,
 "cafile", &cafile,
 "capath", &capath,
 "certfile", &certfile,
- "keyfile", &keyfile
+ "keyfile", &keyfile,
+ "cipher", &ciphers,
+ "verify", &m->ssl.cert_reqs,
+ "tls_version", &tls_version
 );
 if (ret)
 throw ConfigError(json_ssl, err, "node-config-node-mqtt-ssl", "Failed to parse SSL configuration of node {}", *n);
@@ -287,6 +295,7 @@ int mqtt_parse(struct vnode *n, json_t *json)
 m->ssl.capath = capath ? strdup(capath) : nullptr;
 m->ssl.certfile = certfile ? strdup(certfile) : nullptr;
 m->ssl.keyfile = keyfile ? strdup(keyfile) : nullptr;
+ m->ssl.ciphers = ciphers ? strdup(ciphers) : nullptr;
 }
 /* Format */
@@ -408,6 +417,10 @@ int mqtt_start(struct vnode *n)
 ret = mosquitto_tls_insecure_set(m->client, m->ssl.insecure);
 if (ret != MOSQ_ERR_SUCCESS)
 goto mosquitto_error;
+
+ ret = mosquitto_tls_opts_set(m->client, m->ssl.cert_reqs, m->ssl.tls_version, m->ssl.ciphers);
+ if (ret != MOSQ_ERR_SUCCESS)
+ goto mosquitto_error;
 }
 ret = mosquitto_connect(m->client, m->host, m->port, m->keepalive);
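Review bot: The new `json_unpack_ex` format string in mqtt_parse has eight `s?:` specifiers but nine key/pointer pairs follow it, so the trailing `"tls_version", &tls_version` pair is never consumed and `tls_version` stays nullptr whatever the user configures; the format should read `"{ s?: b, s?: b, s?: s, s?: s, s?: s, s?: s, s?: s, s?: b, s?: s }"`. The same option is dropped a second time in the `@@ -287` hunk, which copies `ciphers` into the node but never `tls_version`; it needs `m->ssl.tls_version = tls_version ? strdup(tls_version) : nullptr;` next to the `ciphers` line. `verify` is unpacked with `b` straight into `m->ssl.cert_reqs`, which works because jansson stores 0/1 and those match `SSL_VERIFY_NONE`/`SSL_VERIFY_PEER`, but that coupling deserves a comment such as `/* "verify": false -> SSL_VERIFY_NONE (0), true -> SSL_VERIFY_PEER (1) */` so a later change to the enum values is caught. mqtt_parse starts and ends outside this hunk.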
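Review bot: The `mosquitto_tls_opts_set` call in mqtt_start silently accepts `cert_reqs == SSL_VERIFY_NONE`, which turns off verification of the broker certificate altogether, regardless of `cafile`/`capath` and independent of the existing `insecure` flag (hostname check only); since the parser exposes this as a plain `verify: false`, a warning log just before the call when `m->ssl.cert_reqs == SSL_VERIFY_NONE` would make the downgrade visible to the operator, as is presumably already done for `insecure`. Ordering is fine: the call sits after `mosquitto_tls_insecure_set` and before `mosquitto_connect`, and a nullptr `tls_version`/`ciphers` falls back to the library defaults. The `strdup`'d `ciphers` (and `tls_version`, once it is actually stored) need a matching `free()` in the node's destroy/cleanup path, which this diff does not touch, so please confirm it was extended. mqtt_start's enclosing `if (m->ssl.enabled)` block starts outside the hunk.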