MQTT and MQTTS with wolfSSL TLS library
Fork of MQTT by
MQTT is a lightweight publish/subscribe messaging protocol for M2M and IoT. This library was forked from MQTT (https://developer.mbed.org/teams/mqtt) to add the MQTTS security layer on top of the protocol. The TLS (SSL) part of the library is provided by wolfSSL: https://developer.mbed.org/users/wolfSSL/code/wolfSSL/
The "connect" method was extended for TLS. The rest of the API stays compatible with MQTT.
connect method
int connect(char* hostname, int port, const char *certName = NULL, int timeout=1000)
The 3rd argument, certName, can take one of the following values:
- NULL: connect with plain MQTT (no TLS)
- pointer to a certificate file path: connect with MQTTS; the file (PEM or DER) is used for server verification.
- pointer to an empty string: connect with MQTTS without server verification. This option is for prototyping only and is not recommended from a security perspective.
日本語:https://developer.mbed.org/users/wolfSSL/code/MQTTS/wiki/MQTTSライブラリ
MQTTSocket.h@46:d8968fcc21b8, 2015-07-26 (annotated)
- Committer:
- wolfSSL
- Date:
- Sun Jul 26 09:50:40 2015 +0000
- Revision:
- 46:d8968fcc21b8
- Parent:
- 45:6c023c2ab095
Verify Server Cert
icraggs | 31:a51dd239b78e | 1 | #if !defined(MQTTSOCKET_H) |
icraggs | 31:a51dd239b78e | 2 | #define MQTTSOCKET_H |
icraggs | 31:a51dd239b78e | 3 | |
icraggs | 43:21da1f744243 | 4 | #include "MQTTmbed.h" |
icraggs | 31:a51dd239b78e | 5 | #include "TCPSocketConnection.h" |
wolfSSL | 45:6c023c2ab095 | 6 | #include "wolfssl/ssl.h" |
wolfSSL | 46:d8968fcc21b8 | 7 | #include "wolfssl/wolfcrypt/error-crypt.h" |
wolfSSL | 45:6c023c2ab095 | 8 | |
wolfSSL | 45:6c023c2ab095 | 9 | static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock) |
wolfSSL | 45:6c023c2ab095 | 10 | { |
wolfSSL | 45:6c023c2ab095 | 11 | return ((TCPSocketConnection *)sock)->receive(buf, sz) ; |
wolfSSL | 45:6c023c2ab095 | 12 | } |
wolfSSL | 45:6c023c2ab095 | 13 | |
wolfSSL | 45:6c023c2ab095 | 14 | static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock) |
wolfSSL | 45:6c023c2ab095 | 15 | { |
wolfSSL | 45:6c023c2ab095 | 16 | return ((TCPSocketConnection *)sock)->send(buf, sz); |
wolfSSL | 45:6c023c2ab095 | 17 | } |
icraggs | 31:a51dd239b78e | 18 | |
icraggs | 31:a51dd239b78e | 19 | class MQTTSocket |
icraggs | 31:a51dd239b78e | 20 | { |
wolfSSL | 45:6c023c2ab095 | 21 | public: |
wolfSSL | 46:d8968fcc21b8 | 22 | int connect(char* hostname, int port, const char *certName = NULL, int timeout=1000) |
icraggs | 31:a51dd239b78e | 23 | { |
wolfSSL | 45:6c023c2ab095 | 24 | |
wolfSSL | 45:6c023c2ab095 | 25 | mysock.set_blocking(false, timeout); // 1 second Timeout |
wolfSSL | 46:d8968fcc21b8 | 26 | isTLS = certName == NULL ? false : true ; |
wolfSSL | 45:6c023c2ab095 | 27 | int ret = mysock.connect(hostname, port); |
wolfSSL | 45:6c023c2ab095 | 28 | if((ret == 0) && isTLS) { |
wolfSSL | 46:d8968fcc21b8 | 29 | return tls_connect(&mysock, certName) ; |
wolfSSL | 45:6c023c2ab095 | 30 | } else return ret ; |
icraggs | 31:a51dd239b78e | 31 | } |
wolfSSL | 45:6c023c2ab095 | 32 | |
icraggs | 36:2f1ada427e56 | 33 | int read(unsigned char* buffer, int len, int timeout) |
icraggs | 31:a51dd239b78e | 34 | { |
wolfSSL | 45:6c023c2ab095 | 35 | mysock.set_blocking(false, timeout); |
wolfSSL | 45:6c023c2ab095 | 36 | return isTLS ? |
wolfSSL | 45:6c023c2ab095 | 37 | wolfSSL_read(ssl, (char*)buffer, len) : |
wolfSSL | 45:6c023c2ab095 | 38 | mysock.receive((char *)buffer, len) ; |
icraggs | 31:a51dd239b78e | 39 | } |
icraggs | 31:a51dd239b78e | 40 | |
icraggs | 36:2f1ada427e56 | 41 | int write(unsigned char* buffer, int len, int timeout) |
icraggs | 31:a51dd239b78e | 42 | { |
wolfSSL | 45:6c023c2ab095 | 43 | mysock.set_blocking(false, timeout); |
wolfSSL | 45:6c023c2ab095 | 44 | return isTLS ? |
wolfSSL | 45:6c023c2ab095 | 45 | wolfSSL_write(ssl, (char*)buffer, len) : |
wolfSSL | 45:6c023c2ab095 | 46 | mysock.send((char *)buffer, len) ; |
icraggs | 31:a51dd239b78e | 47 | } |
icraggs | 31:a51dd239b78e | 48 | |
icraggs | 31:a51dd239b78e | 49 | int disconnect() |
icraggs | 31:a51dd239b78e | 50 | { |
wolfSSL | 45:6c023c2ab095 | 51 | if(isTLS) { |
wolfSSL | 45:6c023c2ab095 | 52 | wolfSSL_free(ssl); |
wolfSSL | 45:6c023c2ab095 | 53 | wolfSSL_CTX_free(ctx); |
wolfSSL | 45:6c023c2ab095 | 54 | wolfSSL_Cleanup(); |
wolfSSL | 45:6c023c2ab095 | 55 | } |
icraggs | 31:a51dd239b78e | 56 | return mysock.close(); |
icraggs | 31:a51dd239b78e | 57 | } |
wolfSSL | 46:d8968fcc21b8 | 58 | |
icraggs | 31:a51dd239b78e | 59 | private: |
icraggs | 31:a51dd239b78e | 60 | |
wolfSSL | 45:6c023c2ab095 | 61 | TCPSocketConnection mysock; |
wolfSSL | 45:6c023c2ab095 | 62 | bool isTLS ; |
wolfSSL | 45:6c023c2ab095 | 63 | WOLFSSL_CTX* ctx; |
wolfSSL | 45:6c023c2ab095 | 64 | WOLFSSL* ssl; |
wolfSSL | 46:d8968fcc21b8 | 65 | |
wolfSSL | 46:d8968fcc21b8 | 66 | int tls_connect(TCPSocketConnection *sock, const char *certName) |
wolfSSL | 45:6c023c2ab095 | 67 | { |
wolfSSL | 45:6c023c2ab095 | 68 | /* create and initiLize WOLFSSL_CTX structure */ |
wolfSSL | 45:6c023c2ab095 | 69 | if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { |
wolfSSL | 45:6c023c2ab095 | 70 | printf("SSL_CTX_new error.\n"); |
wolfSSL | 45:6c023c2ab095 | 71 | return EXIT_FAILURE; |
wolfSSL | 45:6c023c2ab095 | 72 | } |
wolfSSL | 46:d8968fcc21b8 | 73 | if(*certName == '\0'){ |
wolfSSL | 46:d8968fcc21b8 | 74 | wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); |
wolfSSL | 46:d8968fcc21b8 | 75 | } else { |
wolfSSL | 46:d8968fcc21b8 | 76 | if (wolfSSL_CTX_load_verify_locations(ctx, certName,0) != SSL_SUCCESS) |
wolfSSL | 46:d8968fcc21b8 | 77 | printf("can't load ca file\n"); |
wolfSSL | 46:d8968fcc21b8 | 78 | } |
wolfSSL | 46:d8968fcc21b8 | 79 | |
wolfSSL | 45:6c023c2ab095 | 80 | wolfSSL_SetIORecv(ctx, SocketReceive) ; |
wolfSSL | 45:6c023c2ab095 | 81 | wolfSSL_SetIOSend(ctx, SocketSend) ; |
wolfSSL | 45:6c023c2ab095 | 82 | |
wolfSSL | 45:6c023c2ab095 | 83 | if ((ssl = wolfSSL_new(ctx)) == NULL) { |
wolfSSL | 45:6c023c2ab095 | 84 | printf("wolfSSL_new error.\n"); |
wolfSSL | 45:6c023c2ab095 | 85 | return EXIT_FAILURE; |
wolfSSL | 45:6c023c2ab095 | 86 | } |
wolfSSL | 45:6c023c2ab095 | 87 | |
wolfSSL | 45:6c023c2ab095 | 88 | wolfSSL_SetIOReadCtx(ssl, (void *)sock) ; |
wolfSSL | 45:6c023c2ab095 | 89 | wolfSSL_SetIOWriteCtx(ssl, (void *)sock) ; |
wolfSSL | 45:6c023c2ab095 | 90 | |
wolfSSL | 45:6c023c2ab095 | 91 | if (wolfSSL_connect(ssl) != SSL_SUCCESS) { |
wolfSSL | 45:6c023c2ab095 | 92 | printf("TLS Connect error, %s\n", wc_GetErrorString(wolfSSL_get_error(ssl, 0))); |
wolfSSL | 45:6c023c2ab095 | 93 | return EXIT_FAILURE; |
wolfSSL | 45:6c023c2ab095 | 94 | } else { |
wolfSSL | 45:6c023c2ab095 | 95 | return 0 ; |
wolfSSL | 45:6c023c2ab095 | 96 | } |
wolfSSL | 45:6c023c2ab095 | 97 | } |
icraggs | 31:a51dd239b78e | 98 | }; |
icraggs | 31:a51dd239b78e | 99 | |
icraggs | 31:a51dd239b78e | 100 | |
icraggs | 31:a51dd239b78e | 101 | |
icraggs | 31:a51dd239b78e | 102 | #endif |
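Review bot: In tls_connect (file lines 76–77) a failed wolfSSL_CTX_load_verify_locations is only printed and the function carries on to the handshake, so a missing or unreadable CA file never reaches the caller as an error, and the hostname is never bound to the session — the chain is checked against the loaded CA, but nothing compares the server certificate's name with the host passed to connect(). I would return EXIT_FAILURE when the CA file cannot be loaded and pass hostname through to tls_connect so that wolfSSL_check_domain_name(ssl, hostname) is set before wolfSSL_connect, as sketched below; the call on line 29 becomes `return tls_connect(&mysock, certName, hostname) ;`. Each failure return in the sketch also frees what was created and clears isTLS, because disconnect() otherwise calls wolfSSL_free/wolfSSL_CTX_free on handles that were never (or no longer) valid; the pre-existing EXIT_FAILURE paths after wolfSSL_new and wolfSSL_connect have the same problem and would benefit from the same teardown. Two smaller points: line 26 reads more simply as `isTLS = (certName != NULL) ;`, and the `// 1 second Timeout` comment on line 25 is stale now that the timeout is a parameter.
```cpp
int tls_connect(TCPSocketConnection *sock, const char *certName, const char *hostname)
{
    /* … unchanged: wolfSSL_CTX_new … */
    if (*certName == '\0') {
        /* empty certName: no server verification (prototyping only) */
        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    } else if (wolfSSL_CTX_load_verify_locations(ctx, certName, 0) != SSL_SUCCESS) {
        printf("can't load ca file\n");
        wolfSSL_CTX_free(ctx);
        ctx = NULL;
        isTLS = false;          /* so disconnect() does not free what was never created */
        return EXIT_FAILURE;
    }
    /* … unchanged: SetIORecv/SetIOSend, wolfSSL_new … */
    if (*certName != '\0' && wolfSSL_check_domain_name(ssl, hostname) != SSL_SUCCESS) {
        printf("can't set domain name check\n");
        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);
        ssl = NULL;
        ctx = NULL;
        isTLS = false;
        return EXIT_FAILURE;
    }
    /* … unchanged: SetIOReadCtx/SetIOWriteCtx, wolfSSL_connect … */
```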