Permit cafile and capath to be NULL when MOSQ_OPT_TLS_USE_OS_CERTS is set #2820
The use of MOSQ_OPT_TLS_USE_OS_CERTS (--tls-use-os-certs for mosquitto commands) seems not to work on some setups. In the lib, it uses SSL_CTX_set_default_verify_paths; the man page says:
Also, note that the lib doesn't check for success/failure, which the man page specifies can happen:
I tried exporting SSL_CERT_DIR but it didn't make it work. Still figuring it out, but the simplest way to go is to set the cafile as your /etc/ssl/certs/ca-certificates.crt file (at least for OpenSSL).
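
To see what the default verify locations resolve to on a given host (the lookup behind SSL_CTX_set_default_verify_paths and SSL_CERT_DIR mentioned in the comment above), here is a small diagnostic. It is an added example, not part of this thread or of the mosquitto code; the function names are hypothetical, and it assumes Python's ssl module is linked against the same OpenSSL build as libmosquitto, which may not hold on every system.

```python
import os
import re
import ssl

# OpenSSL finds CAs in a directory by subject-name hash: entries named
# <8 hex digits>.<n>, as created by `openssl rehash` (or c_rehash).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def check_cafile(path):
    """Return (usable, reason) for a PEM CA bundle file."""
    if not path:
        return False, "not set"
    if not os.path.isfile(path):
        return False, "missing"
    with open(path, "rb") as fh:
        has_pem = b"CERTIFICATE-----" in fh.read()
    return (True, "ok") if has_pem else (False, "no PEM certificates")


def check_capath(path):
    """Return (usable, reason) for a CA directory (or os.pathsep-separated list)."""
    if not path:
        return False, "not set"
    dirs = [d for d in path.split(os.pathsep) if os.path.isdir(d)]
    if not dirs:
        return False, "missing"
    hashed = sum(1 for d in dirs for n in os.listdir(d) if HASHED_NAME.match(n))
    return hashed > 0, "%d hash-named entries" % hashed


def default_trust_report(environ=None):
    """Resolve the default verify locations (env override, else built-in) and check them."""
    environ = os.environ if environ is None else environ
    p = ssl.get_default_verify_paths()
    cafile = environ.get(p.openssl_cafile_env, p.openssl_cafile)
    capath = environ.get(p.openssl_capath_env, p.openssl_capath)
    file_ok, file_why = check_cafile(cafile)
    dir_ok, dir_why = check_capath(capath)
    # "usable" is a heuristic: at least one location looks loadable.
    return {"cafile": (cafile, file_why), "capath": (capath, dir_why),
            "usable": file_ok or dir_ok}


if __name__ == "__main__":
    report = default_trust_report()
    for key in ("cafile", "capath"):
        print("%-7s %s: %s" % (key, *report[key]))
    print("default trust store usable:", report["usable"])
```

A directory that holds only plainly named PEM files reports 0 hash-named entries, because the directory lookup only opens hash-named files.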
Hi,
In order for Mosquitto MQTT to use OS certs, `MOSQ_OPT_TLS_USE_OS_CERTS` needs to be set. This works fine, however, if the user needs to set `certfile` and `keyfile` using `mosquitto_tls_set`, they will be forced to specify either `cafile` or `capath` despite using OS certs. Right now, the workaround is to specify an arbitrary string for `capath` which will be ignored.
Would it be possible to enable these arguments (`cafile` and `capath`) to be NULL if `MOSQ_OPT_TLS_USE_OS_CERTS` is set?
Thanks for your help.