MQTT and MQTTS with wolfSSL TSL library
Fork of MQTT by
MQTT is light weight publish/subscribe based messaging protocol for M2M, IoT. This library was forked from MQTT https://developer.mbed.org/teams/mqtt for adding MQTTS security layer on the protocol. TLS(SSL) part of the library is by wolfSSL.https://developer.mbed.org/users/wolfSSL/code/wolfSSL/
"connect" method was extended for TLS. Rest of API's stay compatible with MQTT.
connect methode
int connect(char* hostname, int port, const char *certName = NULL, int timeout=1000)
The 3rd argument certName can be following values.
- NULL: connecting with MQTT
- pointer to certificate file: connecting with MQTTS. PEM or DER for server verification.
- pointer to NULL string: connecting with MQTTS without server verification. This option is for prototyping only, not recommended in security perspective.
日本語:https://developer.mbed.org/users/wolfSSL/code/MQTTS/wiki/MQTTSライブラリ
Revision 46:d8968fcc21b8, committed 2015-07-26
- Comitter:
- wolfSSL
- Date:
- Sun Jul 26 09:50:40 2015 +0000
- Parent:
- 45:6c023c2ab095
- Commit message:
- Verify Server Cert
Changed in this revision
MQTTSocket.h | Show annotated file Show diff for this revision Revisions of this file |
diff -r 6c023c2ab095 -r d8968fcc21b8 MQTTSocket.h --- a/MQTTSocket.h Sun Jul 26 06:10:10 2015 +0000 +++ b/MQTTSocket.h Sun Jul 26 09:50:40 2015 +0000 @@ -4,7 +4,7 @@ #include "MQTTmbed.h" #include "TCPSocketConnection.h" #include "wolfssl/ssl.h" -#include <wolfssl/wolfcrypt/error-crypt.h> +#include "wolfssl/wolfcrypt/error-crypt.h" static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock) { @@ -19,14 +19,14 @@ class MQTTSocket { public: - int connect(char* hostname, int port, bool tls = false, int timeout=1000) + int connect(char* hostname, int port, const char *certName = NULL, int timeout=1000) { mysock.set_blocking(false, timeout); // 1 second Timeout - isTLS = tls ; + isTLS = certName == NULL ? false : true ; int ret = mysock.connect(hostname, port); if((ret == 0) && isTLS) { - return tls_connect(&mysock) ; + return tls_connect(&mysock, certName) ; } else return ret ; } @@ -55,23 +55,28 @@ } return mysock.close(); } - + private: TCPSocketConnection mysock; bool isTLS ; WOLFSSL_CTX* ctx; WOLFSSL* ssl; - - int tls_connect(TCPSocketConnection *sock) + + int tls_connect(TCPSocketConnection *sock, const char *certName) { /* create and initiLize WOLFSSL_CTX structure */ if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { printf("SSL_CTX_new error.\n"); return EXIT_FAILURE; } - - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + if(*certName == '\0'){ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + } else { + if (wolfSSL_CTX_load_verify_locations(ctx, certName,0) != SSL_SUCCESS) + printf("can't load ca file\n"); + } + wolfSSL_SetIORecv(ctx, SocketReceive) ; wolfSSL_SetIOSend(ctx, SocketSend) ;