Fix use of MOSQ_OPT_SSL_CTX when used with MOSQ_OPT_SSL_CTX_DEFAULTS

Closes #2463. Thanks to Tim Nordell.
eclipse · Aug 10, 2022 · 02b92b9 · tim-nordell-nimbelink · Aug 10, 2022 · tim-nordell-nimbelink
1 parent f9fa19c
commit 02b92b9
Show file tree

Hide file tree

Showing 7 changed files with 138 additions and 1 deletion.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -28,6 +28,8 @@ Client library:
 - Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564.
 - Add documentation of struct mosquitto_message to header. Closes #2561.
 - Fix documentation omission around mosquitto_reinitialise. Closes #2489.
+- Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with
+ MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463.
 
 Clients:
 - Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting.

diff --git a/lib/net_mosq.c b/lib/net_mosq.c
@@ -661,8 +661,8 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
  * has not been set, or if both of MOSQ_OPT_SSL_CTX and
  * MOSQ_OPT_SSL_CTX_WITH_DEFAULTS are set. */
  if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk || mosq->tls_use_os_certs){
+ net__init_tls();
  if(!mosq->ssl_ctx){
- net__init_tls();
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
  mosq->ssl_ctx = SSL_CTX_new(SSLv23_client_method());

diff --git a/test/lib/Makefile b/test/lib/Makefile
@@ -65,6 +65,8 @@ ifeq ($(WITH_TLS),yes)
  ./08-ssl-bad-cacert.py $@/08-ssl-bad-cacert.test
  ./08-ssl-connect-cert-auth-enc.py $@/08-ssl-connect-cert-auth-enc.test
  ./08-ssl-connect-cert-auth.py $@/08-ssl-connect-cert-auth.test
+ ./08-ssl-connect-cert-auth.py $@/08-ssl-connect-cert-auth-custom-ssl-ctx.test
+ ./08-ssl-connect-cert-auth.py $@/08-ssl-connect-cert-auth-custom-ssl-ctx-default.test
  ./08-ssl-connect-no-auth.py $@/08-ssl-connect-no-auth.test
 endif
  ./09-util-topic-tokenise.py $@/09-util-topic-tokenise.test

diff --git a/test/lib/c/08-ssl-connect-cert-auth-custom-ssl-ctx-default.c b/test/lib/c/08-ssl-connect-cert-auth-custom-ssl-ctx-default.c
@@ -0,0 +1,59 @@
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <mosquitto.h>
+#include <openssl/ssl.h>
+
+static int run = -1;
+
+void on_connect(struct mosquitto *mosq, void *obj, int rc)
+{
+ if(rc){
+ exit(1);
+ }else{
+ mosquitto_disconnect(mosq);
+ }
+}
+
+void on_disconnect(struct mosquitto *mosq, void *obj, int rc)
+{
+ run = rc;
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ struct mosquitto *mosq;
+ SSL_CTX *ssl_ctx;
+ int port = atoi(argv[1]);
+
+ mosquitto_lib_init();
+
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+ | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ ssl_ctx = SSL_CTX_new(TLS_client_method());
+
+ mosq = mosquitto_new("08-ssl-connect-crt-auth", true, NULL);
+ if(mosq == NULL){
+ return 1;
+ }
+
+ mosquitto_int_option(mosq, MOSQ_OPT_SSL_CTX_WITH_DEFAULTS, 1);
+ mosquitto_void_option(mosq, MOSQ_OPT_SSL_CTX, ssl_ctx);
+
+ mosquitto_tls_set(mosq, "../ssl/test-root-ca.crt", "../ssl/certs", "../ssl/client.crt", "../ssl/client.key", NULL);
+ mosquitto_connect_callback_set(mosq, on_connect);
+ mosquitto_disconnect_callback_set(mosq, on_disconnect);
+
+ rc = mosquitto_connect(mosq, "localhost", port, 60);
+
+ while(run == -1){
+ mosquitto_loop(mosq, -1, 1);
+ }
+ mosquitto_destroy(mosq);
+
+ mosquitto_lib_cleanup();
+ return run;
+}
diff --git a/test/lib/c/08-ssl-connect-cert-auth-custom-ssl-ctx.c b/test/lib/c/08-ssl-connect-cert-auth-custom-ssl-ctx.c
@@ -0,0 +1,63 @@
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <mosquitto.h>
+#include <openssl/ssl.h>
+
+static int run = -1;
+
+void on_connect(struct mosquitto *mosq, void *obj, int rc)
+{
+ if(rc){
+ exit(1);
+ }else{
+ mosquitto_disconnect(mosq);
+ }
+}
+
+void on_disconnect(struct mosquitto *mosq, void *obj, int rc)
+{
+ run = rc;
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ struct mosquitto *mosq;
+ SSL_CTX *ssl_ctx;
+ int port = atoi(argv[1]);
+
+ mosquitto_lib_init();
+
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+ | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ ssl_ctx = SSL_CTX_new(TLS_client_method());
+
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_use_certificate_chain_file(ssl_ctx, "../ssl/client.crt");
+ SSL_CTX_use_PrivateKey_file(ssl_ctx, "../ssl/client.key", SSL_FILETYPE_PEM);
+ SSL_CTX_load_verify_locations(ssl_ctx, "../ssl/test-root-ca.crt", "../ssl/certs");
+
+ mosq = mosquitto_new("08-ssl-connect-crt-auth", true, NULL);
+ if(mosq == NULL){
+ return 1;
+ }
+ mosquitto_tls_set(mosq, "../ssl/test-root-ca.crt", "../ssl/certs", "../ssl/client.crt", "../ssl/client.key", NULL);
+ mosquitto_connect_callback_set(mosq, on_connect);
+ mosquitto_disconnect_callback_set(mosq, on_disconnect);
+
+ mosquitto_int_option(mosq, MOSQ_OPT_SSL_CTX_WITH_DEFAULTS, 0);
+ mosquitto_void_option(mosq, MOSQ_OPT_SSL_CTX, ssl_ctx);
+
+ rc = mosquitto_connect(mosq, "localhost", port, 60);
+
+ while(run == -1){
+ mosquitto_loop(mosq, -1, 1);
+ }
+ mosquitto_destroy(mosq);
+
+ mosquitto_lib_cleanup();
+ return run;
+}
diff --git a/test/lib/c/Makefile b/test/lib/c/Makefile
@@ -1,3 +1,5 @@
+include ../../../config.mk
+
 .PHONY: all clean reallyclean
 
 CFLAGS=-I../../../include -Werror
@@ -55,6 +57,13 @@ SRC = \
  11-prop-send-payload-format.c \
  11-prop-send-content-type.c
 
+ifeq ($(WITH_TLS),yes)
+SRC += \
+ 08-ssl-connect-cert-auth-custom-ssl-ctx.c \
+ 08-ssl-connect-cert-auth-custom-ssl-ctx-default.c
+LIBS += -lssl -lcrypto
+endif
+
 TESTS = ${SRC:.c=.test}
 
 all : ${TESTS}

diff --git a/test/lib/test.py b/test/lib/test.py
@@ -48,6 +48,8 @@
  (1, ['./08-ssl-bad-cacert.py', 'c/08-ssl-bad-cacert.test']),
  (1, ['./08-ssl-connect-cert-auth-enc.py', 'c/08-ssl-connect-cert-auth-enc.test']),
  (1, ['./08-ssl-connect-cert-auth.py', 'c/08-ssl-connect-cert-auth.test']),
+ (1, ['./08-ssl-connect-cert-auth.py', 'c/08-ssl-connect-cert-auth-custom-ssl-ctx.test']),
+ (1, ['./08-ssl-connect-cert-auth.py', 'c/08-ssl-connect-cert-auth-custom-ssl-ctx-default.test']),
  (1, ['./08-ssl-connect-no-auth.py', 'c/08-ssl-connect-no-auth.test']),
 
  (1, ['./09-util-topic-tokenise.py', 'c/09-util-topic-tokenise.test']),