wolf SSL / MQTTS

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependencies:   FP MQTTPacket

Dependents:   YoPlegma

Fork of MQTT by MQTT

Files at this revision

API Documentation at this revision

Revision 46:d8968fcc21b8, committed 2015-07-26

Comitter:
wolfSSL
Date:
Sun Jul 26 09:50:40 2015 +0000
Parent:
45:6c023c2ab095
Commit message:
Verify Server Cert

Changed in this revision

MQTTSocket.h Show annotated file Show diff for this revision Revisions of this file 
--- a/MQTTSocket.h	Sun Jul 26 06:10:10 2015 +0000
+++ b/MQTTSocket.h	Sun Jul 26 09:50:40 2015 +0000
@@ -4,7 +4,7 @@
 #include "MQTTmbed.h"
 #include "TCPSocketConnection.h"
 #include "wolfssl/ssl.h"
-#include    <wolfssl/wolfcrypt/error-crypt.h>
+#include "wolfssl/wolfcrypt/error-crypt.h"
 
 static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
 {
@@ -19,14 +19,14 @@
 class MQTTSocket
 {
 public:
-    int connect(char* hostname, int port,  bool tls = false, int timeout=1000)
+    int connect(char* hostname, int port,  const char *certName = NULL, int timeout=1000)
     {
 
         mysock.set_blocking(false, timeout);    // 1 second Timeout
-        isTLS = tls ;
+        isTLS = certName == NULL ? false : true ;
         int ret = mysock.connect(hostname, port);
         if((ret == 0) && isTLS) {
-            return tls_connect(&mysock) ;
+            return tls_connect(&mysock, certName) ;
         } else return ret ;
     }
     
@@ -55,23 +55,28 @@
         }
         return mysock.close();
     }
-    
+
 private:
 
     TCPSocketConnection mysock;
     bool  isTLS ;
     WOLFSSL_CTX* ctx;
     WOLFSSL*     ssl;
-
-    int tls_connect(TCPSocketConnection *sock)
+    
+    int tls_connect(TCPSocketConnection *sock, const char *certName)
     {
         /* create and initiLize WOLFSSL_CTX structure */
         if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
             printf("SSL_CTX_new error.\n");
             return EXIT_FAILURE;
         }
-
-        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+        if(*certName == '\0'){
+            wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+        } else {
+            if (wolfSSL_CTX_load_verify_locations(ctx, certName,0) != SSL_SUCCESS)
+                printf("can't load ca file\n");
+        }
+        
         wolfSSL_SetIORecv(ctx, SocketReceive) ;
         wolfSSL_SetIOSend(ctx, SocketSend) ;