New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MOSQ_OPT_SSL_CTX using SSL_CTX defaults is broken #2463
Comments
Thanks Tim, that's a good spot. It's now fixed and will be in 2.0.15 shortly. |
Hi @ralight - The fix looks good. I'd note that the new test cases look like they cleanup the dynamic initialization of the mosquitto library, but not the dynamic initialization of SSL. It could potentially catch a double free (if supported in the allocation library used) in the test cases if libmosquitto accidentally free'd the SSL context created externally if the cleanup of the SSL contexts were added. -- Tim |
Nice idea, I've added that in to the tests. |
I'm pretty sure this is a regression (I haven't tested on older versions of libmosquitto but debugged for my use case) caused by d5aae3e. Basically in the baseline example for this functionality should be:
and libmosquitto should essentially still work for connecting to TLS. However, it errors out with an error message:
In net_mosq.c, from commit d5aae3e, the
net__init_tls()
call is only invoked ifmosq->ssl_ctx
hasn't been created yet. This is always hit in the case of MOSQ_OPT_SSL_CTX being specified. I think it should always be invoked (e.g. move up the invocation ofnet__init_tls()
one line to just outside of the check formosq->ssl_ctx
already being instantiated) sincenet__init_tls()
has an internal check if it's been already run already. This appears to fix the case of the example above where you instantiate the TLS instance outside of libmosquitto and otherwise leave it to defaults.(It might need to be always invoked from
net__init_ssl_ctx(...)
to maintain prior behavior when MOSQ_OPT_SSL_CTX was created; I'm not sure of the interactions with users that aren't using MOSQ_OPT_SSL_CTX_WITH_DEFAULTS.)Thanks,
Tim
The text was updated successfully, but these errors were encountered: