Fix reconnecting in some cases when using MOSQ_OPT_TLS_USE_OS_CERTS.

Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Closes #2288. Thanks to Poltorak Serguei.
eclipse · Aug 31, 2021 · d09591d · d09591d
1 parent e43d360
commit d09591d
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 7 deletions.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -52,6 +52,10 @@ Client library:
 - Threaded mode is deconfigured when the mosquitto_loop_start() thread ends,
  which allows mosquitto_loop_start() to be called again. Closes #2242.
 - Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. Closes #2289.
+- Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none
+ of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and
+ MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true.
+ Closes #2288.
 
 Apps:
 - Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working.

diff --git a/lib/mosquitto_internal.h b/lib/mosquitto_internal.h
@@ -243,6 +243,9 @@ struct mosquitto {
 #ifdef WITH_TLS
  SSL *ssl;
  SSL_CTX *ssl_ctx;
+#ifndef WITH_BROKER
+ SSL_CTX *user_ssl_ctx;
+#endif
  char *tls_cafile;
  char *tls_capath;
  char *tls_certfile;

diff --git a/lib/net_mosq.c b/lib/net_mosq.c
@@ -668,15 +668,18 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
 #if !defined(OPENSSL_NO_ENGINE)
  EVP_PKEY *pkey;
 #endif
-
- if(mosq->ssl_ctx){
+
+#ifndef WITH_BROKER
+ if(mosq->user_ssl_ctx){
+ mosq->ssl_ctx = mosq->user_ssl_ctx;
  if(!mosq->ssl_ctx_defaults){
  return MOSQ_ERR_SUCCESS;
  }else if(!mosq->tls_cafile && !mosq->tls_capath && !mosq->tls_psk){
- log__printf(mosq, MOSQ_LOG_ERR, "Error: MOSQ_OPT_SSL_CTX_WITH_DEFAULTS used without specifying cafile, capath or psk.");
+ log__printf(mosq, MOSQ_LOG_ERR, "Error: If you use MOSQ_OPT_SSL_CTX then MOSQ_OPT_SSL_CTX_WITH_DEFAULTS must be true, or at least one of cafile, capath or psk must be specified.");
  return MOSQ_ERR_INVAL;
  }
  }
+#endif
 
  /* Apply default SSL_CTX settings. This is only used if MOSQ_OPT_SSL_CTX
  * has not been set, or if both of MOSQ_OPT_SSL_CTX and

diff --git a/lib/options.c b/lib/options.c
@@ -508,12 +508,12 @@ int mosquitto_void_option(struct mosquitto *mosq, enum mosq_opt_t option, void *
  switch(option){
  case MOSQ_OPT_SSL_CTX:
 #ifdef WITH_TLS
- mosq->ssl_ctx = (SSL_CTX *)value;
- if(mosq->ssl_ctx){
+ mosq->user_ssl_ctx = (SSL_CTX *)value;
+ if(mosq->user_ssl_ctx){
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- SSL_CTX_up_ref(mosq->ssl_ctx);
+ SSL_CTX_up_ref(mosq->user_ssl_ctx);
 #else
- CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
+ CRYPTO_add(&(mosq->user_ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
 #endif
  }
  break;