MQTT and MQTTS with wolfSSL TLS library

Dependencies:   FP MQTTPacket

Dependents:   YoPlegma

Fork of MQTT by MQTT

MQTT is a lightweight publish/subscribe messaging protocol for M2M and IoT. This library was forked from MQTT (https://developer.mbed.org/teams/mqtt) to add an MQTTS security layer to the protocol. The TLS (SSL) part of the library is provided by wolfSSL: https://developer.mbed.org/users/wolfSSL/code/wolfSSL/

The "connect" method was extended for TLS. The rest of the API stays compatible with MQTT.

connect method

 int connect(char* hostname, int port,  const char *certName = NULL, int timeout=1000)

The third argument, certName, can take one of the following values.

  • NULL: connects with plain MQTT (no TLS).
  • pointer to a certificate file name: connects with MQTTS. The file (PEM or DER) is used for server verification.
  • pointer to an empty string (""): connects with MQTTS without server verification. The traffic is still encrypted, but the server is not authenticated, so this option is for prototyping only and is not recommended from a security perspective.

日本語:https://developer.mbed.org/users/wolfSSL/code/MQTTS/wiki/MQTTSライブラリ

Committer:
wolfSSL
Date:
Sun Jul 26 09:50:40 2015 +0000
Revision:
46:d8968fcc21b8
Parent:
45:6c023c2ab095
Verify Server Cert

Who changed what in which revision?

User | Revision | Line number | New contents of line
icraggs 31:a51dd239b78e 1 #if !defined(MQTTSOCKET_H)
icraggs 31:a51dd239b78e 2 #define MQTTSOCKET_H
icraggs 31:a51dd239b78e 3
icraggs 43:21da1f744243 4 #include "MQTTmbed.h"
icraggs 31:a51dd239b78e 5 #include "TCPSocketConnection.h"
wolfSSL 45:6c023c2ab095 6 #include "wolfssl/ssl.h"
wolfSSL 46:d8968fcc21b8 7 #include "wolfssl/wolfcrypt/error-crypt.h"
wolfSSL 45:6c023c2ab095 8
/**
 * wolfSSL receive callback: pulls up to sz bytes from the TCP connection
 * registered as the I/O read context and returns whatever receive() returns.
 *
 * @param ssl  wolfSSL session (unused here)
 * @param buf  destination buffer supplied by wolfSSL
 * @param sz   capacity of buf in bytes
 * @param sock I/O context; tls_connect() registers a TCPSocketConnection* here
 * @return the value returned by TCPSocketConnection::receive()
 */
static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
{
    (void)ssl;  /* the session handle is not needed to read from the socket */
    TCPSocketConnection *conn = static_cast<TCPSocketConnection *>(sock);
    return conn->receive(buf, sz);
}
wolfSSL 45:6c023c2ab095 13
/**
 * wolfSSL send callback: pushes up to sz bytes to the TCP connection
 * registered as the I/O write context and returns whatever send() returns.
 *
 * @param ssl  wolfSSL session (unused here)
 * @param buf  data supplied by wolfSSL
 * @param sz   number of bytes in buf
 * @param sock I/O context; tls_connect() registers a TCPSocketConnection* here
 * @return the value returned by TCPSocketConnection::send()
 */
static int SocketSend(WOLFSSL* ssl, char *buf, int sz, void *sock)
{
    (void)ssl;  /* the session handle is not needed to write to the socket */
    TCPSocketConnection *conn = static_cast<TCPSocketConnection *>(sock);
    return conn->send(buf, sz);
}
icraggs 31:a51dd239b78e 18
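/**
 * Network transport for the MQTT client: plain TCP, or TLS 1.2 through
 * wolfSSL when a certificate name is passed to connect().
 */
class MQTTSocket
{
public:
    /**
     * Start with no TLS state, so that disconnect() never hands an
     * uninitialized pointer to wolfSSL when connect() failed or never ran.
     */
    MQTTSocket() : isTLS(false), ctx(NULL), ssl(NULL)
    {
    }

    /**
     * Open the TCP connection and, when certName is not NULL, run the TLS
     * handshake on top of it.
     *
     * @param hostname server name or address handed to the TCP connect
     * @param port     server port
     * @param certName NULL for plain MQTT; a CA certificate file name for
     *                 MQTTS with server verification; an empty string for
     *                 MQTTS without server verification (prototyping only:
     *                 the server is not authenticated)
     * @param timeout  socket timeout, default 1000 (one second)
     * @return 0 on success, the TCP connect error, or EXIT_FAILURE when the
     *         TLS setup or handshake fails
     */
    int connect(char* hostname, int port, const char *certName = NULL, int timeout=1000)
    {
        mysock.set_blocking(false, timeout);
        isTLS = (certName != NULL);

        int ret = mysock.connect(hostname, port);
        if ((ret != 0) || !isTLS) {
            return ret;
        }
        return tls_connect(&mysock, certName);
    }

    /**
     * Read up to len bytes, through wolfSSL when the connection is MQTTS.
     *
     * @return the wolfSSL_read()/receive() result, or -1 when TLS was
     *         requested but no session exists
     */
    int read(unsigned char* buffer, int len, int timeout)
    {
        mysock.set_blocking(false, timeout);
        if (!isTLS) {
            return mysock.receive((char *)buffer, len);
        }
        if (ssl == NULL) {
            return -1;  /* handshake failed: never fall back to the bare socket */
        }
        return wolfSSL_read(ssl, (char*)buffer, len);
    }

    /**
     * Write len bytes, through wolfSSL when the connection is MQTTS.
     *
     * @return the wolfSSL_write()/send() result, or -1 when TLS was
     *         requested but no session exists
     */
    int write(unsigned char* buffer, int len, int timeout)
    {
        mysock.set_blocking(false, timeout);
        if (!isTLS) {
            return mysock.send((char *)buffer, len);
        }
        if (ssl == NULL) {
            return -1;  /* handshake failed: never send plaintext on an MQTTS connection */
        }
        return wolfSSL_write(ssl, (char*)buffer, len);
    }

    /**
     * Release the TLS state (if any) and close the TCP socket.
     *
     * @return the result of closing the socket
     */
    int disconnect()
    {
        if (isTLS) {
            tls_release();
            wolfSSL_Cleanup();
        }
        return mysock.close();
    }

private:

    TCPSocketConnection mysock;
    bool isTLS ;          /* true once connect() was asked for MQTTS */
    WOLFSSL_CTX* ctx;     /* NULL while no TLS context is allocated */
    WOLFSSL* ssl;         /* NULL while no TLS session is allocated */

    /**
     * Free the session and context and reset both pointers, so that a later
     * disconnect() or reconnect cannot free them a second time.
     */
    void tls_release()
    {
        if (ssl != NULL) {
            wolfSSL_free(ssl);
            ssl = NULL;
        }
        if (ctx != NULL) {
            wolfSSL_CTX_free(ctx);
            ctx = NULL;
        }
    }

    /**
     * Create the wolfSSL context and session, bind them to the connected
     * socket and perform the TLS 1.2 handshake.
     *
     * @param sock     connected TCP socket used by the I/O callbacks
     * @param certName CA certificate file name, or "" to disable verification
     * @return 0 on success, EXIT_FAILURE otherwise (TLS state is released)
     */
    int tls_connect(TCPSocketConnection *sock, const char *certName)
    {
        /* drop anything left over from an earlier connect without disconnect */
        tls_release();

        /* create and initialize the WOLFSSL_CTX structure */
        ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
        if (ctx == NULL) {
            printf("SSL_CTX_new error.\n");
            return EXIT_FAILURE;
        }

        if (*certName == '\0') {
            /* No server verification: the link is encrypted but the server
             * is not authenticated. Prototyping only. */
            wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
        } else if (wolfSSL_CTX_load_verify_locations(ctx, certName, 0) != SSL_SUCCESS) {
            /* Without the CA file the server cannot be verified; stop here
             * instead of going on to the handshake. */
            printf("can't load ca file\n");
            tls_release();
            return EXIT_FAILURE;
        }

        wolfSSL_SetIORecv(ctx, SocketReceive) ;
        wolfSSL_SetIOSend(ctx, SocketSend) ;

        ssl = wolfSSL_new(ctx);
        if (ssl == NULL) {
            printf("wolfSSL_new error.\n");
            tls_release();
            return EXIT_FAILURE;
        }

        wolfSSL_SetIOReadCtx(ssl, (void *)sock) ;
        wolfSSL_SetIOWriteCtx(ssl, (void *)sock) ;

        /* NOTE(review): the certificate chain is checked against the CA file,
         * but nothing here ties the certificate to the hostname given to
         * connect(). Calling wolfSSL_check_domain_name(ssl, hostname) before
         * wolfSSL_connect() would add that check; it needs the hostname
         * passed into this function. */
        if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
            printf("TLS Connect error, %s\n", wc_GetErrorString(wolfSSL_get_error(ssl, 0)));
            tls_release();
            return EXIT_FAILURE;
        }
        return 0 ;
    }
};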
icraggs 31:a51dd239b78e 99
icraggs 31:a51dd239b78e 100
icraggs 31:a51dd239b78e 101
icraggs 31:a51dd239b78e 102 #endif