1.2.0

@sshanks-kx sshanks-kx released this 15 Nov 17:50
68da71a

Release 1.2.0

  • Library now uses 1.3.11 of paho.mqtt.c
  • Now supports TLS/SSL connections (see below)

A new library, mqttkdb_ssl.so, supports both TLS/SSL and non-TLS/SSL connections.
It differs from the existing mqttkdb.so in that it requires the MQTT library libpaho-mqtt3cs and the OpenSSL libraries to be installed on the system.
mqttkdb.so is still provided for users who do not need TLS/SSL, so that they do not have to install the TLS/SSL libraries on their system.

When using mqttkdb_ssl.so:

  • the connection URI needs to change from tcp:// to ssl:// in order to work with SSL/TLS connections
  • remember to alter the q script to load mqttkdb_ssl.so instead of mqttkdb.so
  • SSL/TLS-specific connection params are required (in addition to any existing params, e.g. username/password)

New connection params

| Name | Type | Details |
| --- | --- | --- |
| trustStore | sym | The file in PEM format containing the public digital certificates trusted by the client. |
| keyStore | sym | The file in PEM format containing the public certificate chain of the client. It may also include the client's private key. |
| privateKey | sym | If not included in the keyStore, this setting points to the file in PEM format containing the client's private key. |
| privateKeyPassword | sym | The password to load the client's privateKey if encrypted. |
| enabledCipherSuites | sym | The list of cipher suites that the client will present to the server during the SSL handshake. For a full explanation of the cipher list format, see the OpenSSL online documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT. If this setting is omitted, its default value will be "ALL", that is, all the cipher suites, excluding those offering no encryption, will be considered. This setting can be used to set an SSL anonymous connection ("aNULL" string value, for instance). |
| enableServerCertAuth | int/long | True/False (i.e. 1/0) option to enable verification of the server certificate. |
| sslVersion | int/long | The SSL/TLS version to use. Specify one of MQTT_SSL_VERSION_DEFAULT (0), MQTT_SSL_VERSION_TLS_1_0 (1), MQTT_SSL_VERSION_TLS_1_1 (2) or MQTT_SSL_VERSION_TLS_1_2 (3). Only used if struct_version is >= 1. |
| verify | int/long | Whether to carry out post-connect checks, including that a certificate matches the given host name. |
| CApath | sym | From the OpenSSL documentation: if CApath is not NULL, it points to a directory containing CA certificates in PEM format. |

Example

opts:`trustStore`enableServerCertAuth`verify`sslVersion!((`$"/mqttq/server-certs/ca.crt");(0i);(0i);(0i))
.mqtt.conn[`$"ssl://localhost:1883";`rcv;opts];
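
The example above sets enableServerCertAuth and verify to 0, so the broker's certificate is neither validated nor matched against the host name. The q code below is an added example, not code from the release notes or the project: it puts those settings beside a stricter dictionary and checks options before connecting. The names weak, strict, isOn, tlsIssues and safeConn and the cipher list are assumptions; the helper requires the two flags to be set explicitly rather than relying on library defaults, and the final call assumes mqttkdb_ssl.so is loaded.

```q
/ Added example; not part of the release notes or the project's code

/ Settings from the release-notes example: TLS is negotiated, but the
/ broker certificate is not validated and the host name is not checked
weak:`trustStore`enableServerCertAuth`verify`sslVersion!(`$"/mqttq/server-certs/ca.crt";0i;0i;0i)

/ Same trust store with certificate validation, host-name checking,
/ TLS 1.2 (sslVersion 3) and a constructed cipher list without anonymous suites
strict:weak,`enableServerCertAuth`verify`sslVersion`enabledCipherSuites!(1i;1i;3i;`$"HIGH:!aNULL:!eNULL")

/ Hypothetical helper: 1b only when option k is present and set to 1
isOn:{[o;k] $[k in key o; 1=o k; 0b]}

/ Hypothetical helper: reasons an options dictionary should not be used with ssl://
tlsIssues:{[o]
  r:();
  if[not any `trustStore`CApath in key o; r,:enlist "no trustStore or CApath"];
  if[not isOn[o;`enableServerCertAuth]; r,:enlist "server certificate not verified"];
  if[not isOn[o;`verify]; r,:enlist "host name not checked"];
  if[`sslVersion in key o;
    if[any 1 2=o`sslVersion; r,:enlist "TLS 1.0 or 1.1 requested"]];
  if[`enabledCipherSuites in key o;
    if[any (":" vs string o`enabledCipherSuites)~\:"aNULL";
      r,:enlist "anonymous cipher suites enabled"]];
  r}

/ Hypothetical wrapper: signal an error instead of connecting with unsafe options
safeConn:{[uri;cid;o]
  bad:tlsIssues o;
  if[count bad; '"; " sv bad];
  .mqtt.conn[uri;cid;o]}

show tlsIssues weak;    / lists the two verification problems
show tlsIssues strict;  / empty list

/ Requires mqttkdb_ssl.so and a broker whose certificate matches the host name
safeConn[`$"ssl://localhost:1883";`rcv;strict];
```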