MQTT and MQTTS with wolfSSL TSL library

Dependencies:   FP MQTTPacket

Dependents:   YoPlegma

Fork of MQTT by MQTT

MQTT is light weight publish/subscribe based messaging protocol for M2M, IoT. This library was forked from MQTT https://developer.mbed.org/teams/mqtt for adding MQTTS security layer on the protocol. TLS(SSL) part of the library is by wolfSSL.https://developer.mbed.org/users/wolfSSL/code/wolfSSL/

"connect" method was extended for TLS. Rest of API's stay compatible with MQTT.

connect methode

 int connect(char* hostname, int port,  const char *certName = NULL, int timeout=1000)

The 3rd argument certName can be following values.

  • NULL: connecting with MQTT
  • pointer to certificate file: connecting with MQTTS. PEM or DER for server verification.
  • pointer to NULL string: connecting with MQTTS without server verification. This option is for prototyping only, not recommended in security perspective.

日本語:https://developer.mbed.org/users/wolfSSL/code/MQTTS/wiki/MQTTSライブラリ

Files at this revision

API Documentation at this revision

Comitter:
wolfSSL
Date:
Sun Jul 26 09:50:40 2015 +0000
Parent:
45:6c023c2ab095
Commit message:
Verify Server Cert

Changed in this revision

MQTTSocket.h Show annotated file Show diff for this revision Revisions of this file
diff -r 6c023c2ab095 -r d8968fcc21b8 MQTTSocket.h
--- a/MQTTSocket.h	Sun Jul 26 06:10:10 2015 +0000
+++ b/MQTTSocket.h	Sun Jul 26 09:50:40 2015 +0000
@@ -4,7 +4,7 @@
 #include "MQTTmbed.h"
 #include "TCPSocketConnection.h"
 #include "wolfssl/ssl.h"
-#include    <wolfssl/wolfcrypt/error-crypt.h>
+#include "wolfssl/wolfcrypt/error-crypt.h"
 
 static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
 {
@@ -19,14 +19,14 @@
 class MQTTSocket
 {
 public:
-    int connect(char* hostname, int port,  bool tls = false, int timeout=1000)
+    int connect(char* hostname, int port,  const char *certName = NULL, int timeout=1000)
     {
 
         mysock.set_blocking(false, timeout);    // 1 second Timeout
-        isTLS = tls ;
+        isTLS = certName == NULL ? false : true ;
         int ret = mysock.connect(hostname, port);
         if((ret == 0) && isTLS) {
-            return tls_connect(&mysock) ;
+            return tls_connect(&mysock, certName) ;
         } else return ret ;
     }
     
@@ -55,23 +55,28 @@
         }
         return mysock.close();
     }
-    
+
 private:
 
     TCPSocketConnection mysock;
     bool  isTLS ;
     WOLFSSL_CTX* ctx;
     WOLFSSL*     ssl;
-
-    int tls_connect(TCPSocketConnection *sock)
+    
+    int tls_connect(TCPSocketConnection *sock, const char *certName)
     {
         /* create and initiLize WOLFSSL_CTX structure */
         if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
             printf("SSL_CTX_new error.\n");
             return EXIT_FAILURE;
         }
-
-        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+        if(*certName == '\0'){
+            wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+        } else {
+            if (wolfSSL_CTX_load_verify_locations(ctx, certName,0) != SSL_SUCCESS)
+                printf("can't load ca file\n");
+        }
+        
         wolfSSL_SetIORecv(ctx, SocketReceive) ;
         wolfSSL_SetIOSend(ctx, SocketSend) ;