PSK is not enabled unless psk_hint is specified. #2560

Closed
newAM opened this issue Jun 6, 2022 · 1 comment
newAM commented Jun 6, 2022

On the develop branch this configuration will not enable PSK unless the psk_hint line is uncommented:

allow_anonymous true
listener 8883
psk_file pskfile.psk
# psk_hint anything_at_all

I think this is a bug because of this code:

mosquitto/src/net.c

Lines 935 to 950 in 29f49bf

if(listener->psk_hint){
	if(listener->certfile == NULL || listener->keyfile == NULL){
		if(net__tls_server_ctx(listener)){
			return 1;
		}
	}
	SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback);
	if(listener->psk_hint){
		rc = SSL_CTX_use_psk_identity_hint(listener->ssl_ctx, listener->psk_hint);
		if(rc == 0){
			log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS PSK hint.");
			net__print_ssl_error(NULL);
			return 1;
		}
	}
}

The condition on line 942 is redundant because it is nested in an identical condition from line 935, and the code between those lines does not mutate listener->psk_hint as far as I can tell.

I think the intent was for line 935 to be something along the lines of if (listener->psk_file){, but I could not find an appropriate member in the mosquitto__listener struct.

ralight commented Aug 7, 2022

You're quite right that the redundant if is redundant, but the method by which TLS-PSK mode is enabled is through setting psk_hint. It is required by openssl - In the case where PSK identity hint is NULL, the server does not send the ServerKeyExchange message to the client. The psk_hint requirement is also mentioned in the mosquitto.conf man page.

I'm closing this issue because I think I've addressed it sufficiently to answer what you need. I'm trying to close issues like this to get on top of the issues list. If there is still something left to do on this issue, please reopen it and give more details.

ralight closed this as completed Aug 7, 2022
github-actions bot locked as resolved and limited conversation to collaborators Nov 6, 2022
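
Added example (not part of the issue thread and not mosquitto's own code): a small Python check for the misconfiguration discussed above, reporting listeners that have a psk_file in scope but no psk_hint, so PSK would not be enabled on them. The function name and the second sample listener are constructed; the check assumes psk_file applies to all listeners unless per_listener_settings is true, and it only inspects explicit `listener` blocks.

```python
# Constructed sample: the first four lines are the configuration from the
# issue; the second listener is added here to show a correctly configured one.
SAMPLE_CONF = """\
allow_anonymous true
listener 8883
psk_file pskfile.psk
# psk_hint anything_at_all
listener 8884
psk_hint broker-b
"""


def listeners_missing_psk_hint(conf_text):
    """Return ports of listeners with a psk_file in scope but no psk_hint.

    Assumption: psk_file is broker-wide unless per_listener_settings is true,
    in which case it belongs to the listener block it appears in.
    """
    per_listener = False
    psk_file_anywhere = False
    blocks = []      # one dict per explicit `listener` line
    current = None   # None while reading options above the first listener

    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out psk_hint does not count as set
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "per_listener_settings":
            per_listener = value == "true"
        elif key == "listener":
            port = value.split()[0] if value else "?"
            current = {"port": port, "keys": set()}
            blocks.append(current)
        elif current is not None:
            current["keys"].add(key)
        if key == "psk_file":
            psk_file_anywhere = True

    flagged = []
    for block in blocks:
        in_scope = "psk_file" in block["keys"] if per_listener else psk_file_anywhere
        if in_scope and "psk_hint" not in block["keys"]:
            flagged.append(block["port"])
    return flagged


if __name__ == "__main__":
    for port in listeners_missing_psk_hint(SAMPLE_CONF):
        print(f"listener {port}: psk_file set but no psk_hint, PSK not enabled")
```
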