From 1b7c6b5cbdfd27635c46fbfe584267f7f3d25677 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 8 Mar 2022 16:05:15 +0000 Subject: [PATCH 01/11] All docker images should use the same base. --- docker/1.5-openssl/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/1.5-openssl/Dockerfile b/docker/1.5-openssl/Dockerfile index c4e0a3f71..baa41aa28 100644 --- a/docker/1.5-openssl/Dockerfile +++ b/docker/1.5-openssl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12 +FROM alpine:3.14 LABEL maintainer="Roger Light " \ description="Eclipse Mosquitto MQTT Broker" From 8459a3c45653df7d6f08a83d269b944c40892857 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 8 Mar 2022 16:06:32 +0000 Subject: [PATCH 02/11] Fix whitespace errors --- docker/1.5/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 00cfd691c..42d27f2ef 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -65,7 +65,7 @@ RUN set -x && \ WITH_SHARED_LIBRARIES=yes \ WITH_SRV=no \ WITH_STRIP=yes \ - WITH_TLS_PSK=no \ + WITH_TLS_PSK=no \ WITH_WEBSOCKETS=yes \ prefix=/usr \ binary && \ @@ -82,8 +82,8 @@ RUN set -x && \ chown -R mosquitto:mosquitto /mosquitto && \ apk --no-cache add \ ca-certificates \ - libressl \ - libuuid && \ + libressl \ + libuuid && \ apk del build-deps && \ rm -rf /build From 8212bbe29b6fc0a49c30a15b22a36ff0ac7b9d32 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 8 Mar 2022 16:06:50 +0000 Subject: [PATCH 03/11] Remove defunct pgp keyservers from Dockerfiles. --- docker/1.5-openssl/Dockerfile | 3 +-- docker/1.5/Dockerfile | 3 +-- docker/1.6-openssl/Dockerfile | 3 +-- docker/1.6/Dockerfile | 3 +-- docker/2.0-openssl/Dockerfile | 3 +-- docker/2.0/Dockerfile | 3 +-- docker/generic/Dockerfile | 3 +-- 7 files changed, 7 insertions(+), 14 deletions(-) diff --git a/docker/1.5-openssl/Dockerfile b/docker/1.5-openssl/Dockerfile index baa41aa28..2d258cbd7 100644 --- a/docker/1.5-openssl/Dockerfile +++ b/docker/1.5-openssl/Dockerfile @@ -40,9 +40,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + htps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile index 42d27f2ef..45c3c162e 100644 --- a/docker/1.5/Dockerfile +++ b/docker/1.5/Dockerfile @@ -42,9 +42,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + hkps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ diff --git a/docker/1.6-openssl/Dockerfile b/docker/1.6-openssl/Dockerfile index 13769d51e..025d85f10 100644 --- a/docker/1.6-openssl/Dockerfile +++ b/docker/1.6-openssl/Dockerfile @@ -45,9 +45,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + hkps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ diff --git a/docker/1.6/Dockerfile b/docker/1.6/Dockerfile index 882da1932..75b8cf429 100644 --- a/docker/1.6/Dockerfile +++ b/docker/1.6/Dockerfile @@ -45,9 +45,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + hkps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ diff --git a/docker/2.0-openssl/Dockerfile b/docker/2.0-openssl/Dockerfile index 44f09b2dd..fc3366dea 100644 --- a/docker/2.0-openssl/Dockerfile +++ b/docker/2.0-openssl/Dockerfile @@ -46,9 +46,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + hkps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ diff --git a/docker/2.0/Dockerfile b/docker/2.0/Dockerfile index 3df683604..bf54f81fd 100644 --- a/docker/2.0/Dockerfile +++ b/docker/2.0/Dockerfile @@ -46,9 +46,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + hkps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ diff --git a/docker/generic/Dockerfile b/docker/generic/Dockerfile index a855bd7cd..656f8a15e 100644 --- a/docker/generic/Dockerfile +++ b/docker/generic/Dockerfile @@ -63,9 +63,8 @@ RUN set -x && \ export GNUPGHOME="$(mktemp -d)" && \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ + hkps://keys.openpgp.org \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $GPG_KEYS from $server"; \ From 610b63985adf7cd2010d2b319ee44c1530bd23dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nathana=C3=ABl=20L=C3=A9caud=C3=A9?= Date: Mon, 14 Mar 2022 11:09:43 -0400 Subject: [PATCH 04/11] Fix typo (missing word) --- www/pages/documentation/dynamic-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/pages/documentation/dynamic-security.md b/www/pages/documentation/dynamic-security.md index a84f8589b..6570ace17 100644 --- a/www/pages/documentation/dynamic-security.md +++ b/www/pages/documentation/dynamic-security.md @@ -15,7 +15,7 @@ ## Introduction The Dynamic Security plugin is a Mosquitto plugin which provides role based -authentication and access control features that can updated whilst the broker +authentication and access control features that can be updated whilst the broker is running, using a special topic based API. It is supported since Mosquitto 2.0, and should be available in all From e5bf040fb7a4f630eb7311550c08365c243cbea8 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Fri, 13 May 2022 13:25:16 +0100 Subject: [PATCH 05/11] Weekly Coverity Scan run. --- .github/workflows/coverity-scan.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/coverity-scan.yml diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml new file mode 100644 index 000000000..27310bd79 --- /dev/null +++ b/.github/workflows/coverity-scan.yml @@ -0,0 +1,24 @@ +name: Coverity Scan fixes and develop branches on a weekly basis + +on: + workflow_dispatch: + schedule: + - cron: "7 3 * * 0" + +jobs: + coverity: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Dependencies + run: sudo apt-get install -y libcjson-dev libsqlite3-dev libssl-dev uthash-dev + + - uses: vapier/coverity-scan-action@v1 + with: + build_language: 'cxx' + project: "eclipse/mosquitto" + token: ${{ secrets.COVERITY_SCAN_TOKEN }} + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + command: "make binary" + From 4ac8c0bcc34c8640e8c6a931e8e63ea4f250c6c7 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 17 May 2022 21:11:20 +0100 Subject: [PATCH 06/11] Add deny-protocol-version example plugin, for 2.0 only. --- plugins/Makefile | 1 + plugins/deny-protocol-version/CMakeLists.txt | 24 ++++ plugins/deny-protocol-version/Makefile | 29 +++++ .../mosquitto_deny_protocol_version.c | 110 ++++++++++++++++++ plugins/deny-protocol-version/test.conf | 4 + plugins/deny-protocol-version/test.sh | 4 + 6 files changed, 172 insertions(+) create mode 100644 plugins/deny-protocol-version/CMakeLists.txt create mode 100644 plugins/deny-protocol-version/Makefile create mode 100644 plugins/deny-protocol-version/mosquitto_deny_protocol_version.c create mode 100644 plugins/deny-protocol-version/test.conf create mode 100755 plugins/deny-protocol-version/test.sh diff --git a/plugins/Makefile b/plugins/Makefile index f039b2c4d..51d5670cd 100644 --- a/plugins/Makefile +++ b/plugins/Makefile @@ -1,5 +1,6 @@ DIRS= \ auth-by-ip \ + deny-protocol-version \ dynamic-security \ message-timestamp \ payload-modification diff --git a/plugins/deny-protocol-version/CMakeLists.txt b/plugins/deny-protocol-version/CMakeLists.txt new file mode 100644 index 000000000..d998df758 --- /dev/null +++ b/plugins/deny-protocol-version/CMakeLists.txt @@ -0,0 +1,24 @@ +set (PLUGIN_NAME mosquitto_deny_protocol_version) + +add_library(${PLUGIN_NAME} MODULE + ${PLUGIN_NAME}.c +) + +target_include_directories(${PLUGIN_NAME} PRIVATE + "${OPENSSL_INCLUDE_DIR}" + "${STDBOOL_H_PATH} ${STDINT_H_PATH}" + "${mosquitto_SOURCE_DIR}" + "${mosquitto_SOURCE_DIR}/include" +) + +set_target_properties(${PLUGIN_NAME} PROPERTIES + PREFIX "" + POSITION_INDEPENDENT_CODE 1 +) + +if(WIN32) + target_link_libraries(${PLUGIN_NAME} PRIVATE mosquitto) +endif() + +# Don't install, these are example plugins only. +#install(TARGETS ${PLUGIN_NAME} RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}") diff --git a/plugins/deny-protocol-version/Makefile b/plugins/deny-protocol-version/Makefile new file mode 100644 index 000000000..42e6c8065 --- /dev/null +++ b/plugins/deny-protocol-version/Makefile @@ -0,0 +1,29 @@ +R=../.. +include ${R}/config.mk + +.PHONY : all binary check clean reallyclean test install uninstall + +PLUGIN_NAME=mosquitto_deny_protocol_version +PLUGIN_CFLAGS+=-I${R}/include -I${R}/ + +all : binary + +binary : ${PLUGIN_NAME}.so + +${PLUGIN_NAME}.so : ${PLUGIN_NAME}.c + $(CROSS_COMPILE)$(CC) $(PLUGIN_CPPFLAGS) $(PLUGIN_CFLAGS) $(PLUGIN_LDFLAGS) -fPIC -shared $< -o $@ + +reallyclean : clean +clean: + -rm -f *.o ${PLUGIN_NAME}.so *.gcda *.gcno + +check: test +test: + +install: ${PLUGIN_NAME}.so + # Don't install, these are examples only. + #$(INSTALL) -d "${DESTDIR}$(libdir)" + #$(INSTALL) ${STRIP_OPTS} ${PLUGIN_NAME}.so "${DESTDIR}${libdir}/${PLUGIN_NAME}.so" + +uninstall : + -rm -f "${DESTDIR}${libdir}/${PLUGIN_NAME}.so" diff --git a/plugins/deny-protocol-version/mosquitto_deny_protocol_version.c b/plugins/deny-protocol-version/mosquitto_deny_protocol_version.c new file mode 100644 index 000000000..191cf7105 --- /dev/null +++ b/plugins/deny-protocol-version/mosquitto_deny_protocol_version.c @@ -0,0 +1,110 @@ +/* +Copyright (c) 2022 Roger Light + +All rights reserved. This program and the accompanying materials +are made available under the terms of the Eclipse Public License 2.0 +and Eclipse Distribution License v1.0 which accompany this distribution. + +The Eclipse Public License is available at + https://www.eclipse.org/legal/epl-2.0/ +and the Eclipse Distribution License is available at + http://www.eclipse.org/org/documents/edl-v10.php. + +SPDX-License-Identifier: EPL-2.0 OR EDL-1.0 + +Contributors: + Roger Light - initial implementation and documentation. +*/ + +/* + * This is an example plugin showing how to deny access based on the version of + * the protocol spec a client connects with. It does no other authentication + * checks. + * + * It could be used with other authentication plugins by specifying it in the + * config file before another plugin, for example: + * + * plugin /usr/lib/mosquitto_deny_protocol_version.so + * plugin /usr/lib/mosquitto_dynamic_security.so + * + * or: + * + * plugin /usr/lib/mosquitto_deny_protocol_version.so + * password_file pwfile + * + * It will *not* work on its own. + * + * In Mosquitto 2.1, this can be achieved with the `accept_protocol_version` + * option instead. + * + * + * To compile: + * + * gcc -I -fPIC -shared mosquitto_deny_protocol_version.c -o mosquitto_deny_protocol_version.so + * + * Note that this only works on Mosquitto 2.0 or later. + */ +#include "config.h" + +#include +#include + +#include "mosquitto_broker.h" +#include "mosquitto_plugin.h" +#include "mosquitto.h" +#include "mqtt_protocol.h" + +static mosquitto_plugin_id_t *mosq_pid = NULL; + +int mosquitto_plugin_version(int supported_version_count, const int *supported_versions) +{ + int i; + + for(i=0; iclient); + + if(protocol_version == 5 || protocol_version == 4){ + /* Allow access to MQTT v5.0 and v3.1.1 - this passes on responsibility + * for the actual auth checks to the next plugin/password file in the + * config list. If no other plugins/password file is defined, then + * access will be denied. */ + return MOSQ_ERR_PLUGIN_DEFER; + }else{ + /* Deny access to all others */ + return MOSQ_ERR_AUTH; + } +} + +int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **user_data, struct mosquitto_opt *opts, int opt_count) +{ + UNUSED(user_data); + UNUSED(opts); + UNUSED(opt_count); + + mosq_pid = identifier; + return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL); +} + +int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count) +{ + UNUSED(user_data); + UNUSED(opts); + UNUSED(opt_count); + + return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_MESSAGE, basic_auth_callback, NULL); +} diff --git a/plugins/deny-protocol-version/test.conf b/plugins/deny-protocol-version/test.conf new file mode 100644 index 000000000..010213140 --- /dev/null +++ b/plugins/deny-protocol-version/test.conf @@ -0,0 +1,4 @@ +listener 1883 + +plugin ./mosquitto_deny_protocol_version.so +password_file pwfile diff --git a/plugins/deny-protocol-version/test.sh b/plugins/deny-protocol-version/test.sh new file mode 100755 index 000000000..3005da50e --- /dev/null +++ b/plugins/deny-protocol-version/test.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +../../apps/mosquitto_passwd/mosquitto_passwd -c -b pwfile username password +../../src/mosquitto -c test.conf -v From 9417facffac9d69cd7dcbc1bf0a1af1b9edd4621 Mon Sep 17 00:00:00 2001 From: Pargorn Puttapirat Date: Thu, 23 Jun 2022 00:26:00 +0700 Subject: [PATCH 07/11] Fix syntax errors in examples Problematics examples: addRoleACL and removeRoleACL --- www/pages/documentation/dynamic-security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/www/pages/documentation/dynamic-security.md b/www/pages/documentation/dynamic-security.md index 6570ace17..82f9635dd 100644 --- a/www/pages/documentation/dynamic-security.md +++ b/www/pages/documentation/dynamic-security.md @@ -660,7 +660,7 @@ Where `acltype` is one of `publishClientSend`, `publishClientReceive`, For example: ``` -mosquitto_ctrl dynsec addRoleACL clientPublishSend client/topic allow 5 +mosquitto_ctrl dynsec addRoleACL publishClientSend client/topic allow 5 ``` To remove an ACL from a role using the topic filter as the key: @@ -670,7 +670,7 @@ mosquitto_ctrl dynsec removeRoleACL dynsec removeRoleACL clientPublishSend client/topic +mosquitto_ctrl dynsec removeRoleACL publishClientSend client/topic ``` To get information on a role: From ca009907e5f76c67790a83609e5fb267f104ec3b Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 6 Jul 2022 16:28:07 +0100 Subject: [PATCH 08/11] Web page update including external docs. --- www/pages/documentation.md | 12 +++++++++ www/pages/index.html | 55 +++++++++++++++++++++++++++----------- 2 files changed, 52 insertions(+), 15 deletions(-) diff --git a/www/pages/documentation.md b/www/pages/documentation.md index cc728dc8d..a464b4a62 100644 --- a/www/pages/documentation.md +++ b/www/pages/documentation.md @@ -31,6 +31,15 @@ * [Using the snap package] - specific instructions on installing and configuring the Mosquitto snap package. * [Migrating from 1.x to 2.0] - details of changes needed to migrate to version 2.0. +# Third party + +These are some Mosquitto documentation hosted by third parties. + +* [Steve's internet guide] - a broad range of documentation and examples + covering Mosquitto and the Paho Python client, amongst others. +* [docs.cedalo.com] - includes documentation for both Mosquitto and Eclipse + Streamsheets + [mosquitto]:/man/mosquitto-8.html [mosquitto.conf]:/man/mosquitto-conf-5.html [mosquitto_passwd]:/man/mosquitto_passwd-1.html @@ -46,3 +55,6 @@ [Using the snap package]:/documentation/using-the-snap/ [Dynamic Security plugin]:/documentation/dynamic-security/ [Migrating from 1.x to 2.0]:/documentation/migrating-to-2-0/ + +[Steve's internet guide]: http://www.steves-internet-guide.com/ +[docs.cedalo.com]: https://docs.cedalo.com/ diff --git a/www/pages/index.html b/www/pages/index.html index 5842835cf..6ddcb05b3 100644 --- a/www/pages/index.html +++ b/www/pages/index.html @@ -27,8 +27,8 @@ and mosquitto_sub command line MQTT clients.

Mosquitto is part of the Eclipse - Foundation, is an iot.eclipse.org - project and is sponsored by cedalo.com.

+ Foundation, and is an iot.eclipse.org + project. The development is driven by Cedalo.

@@ -37,42 +37,67 @@
-

Download

+

Download and Security

Mosquitto is highly portable and available for a wide range of platforms. Go to the dedicated download page to find the source or binaries for your platform.

Read the Change Log to find out about recent releases.

+ +

Use the security page to find out + how to report vulnerabilities or responses to past security + issues.

-

Test

+

Test

You can have your own instance of Mosquitto running in minutes, but to make testing even easier, the Mosquitto Project - runs a test server at test.mosquitto.org where + runs a test server at + test.mosquitto.org where you can test your clients in a variety of ways: plain MQTT, - MQTT over TLS, MQTT over TLS (with client certificate), + MQTT over TLS, MQTT over TLS (with + client certificate), MQTT over WebSockets and MQTT over WebSockets with TLS.

+
+
-

Community

+

Community

+
+
+

Support

+

Support is always available from the community channels on a + best effort basis. If you require commercial support, + Cedalo can offer support for hosted + or on-premise instances, consulting on the use of Mosquitto, + and custom development to your needs.

+
+
+
+

Related Projects

+

Paho provides MQTT + client library implementations in a wide variety of + languages.

+

Streamsheets is an + easy to use web based real time spreadsheet interface that can + be used to process incoming data from a variety of sources, + such as MQTT, OPC-UA, and REST. Developers and non-developers + can use Streamsheets to control processes and build dashboards, + for example. Mosquitto is a core component of Streamsheets.

+
-

Security

-

Use the security page to find out - how to report vulnerabilities or responses to past security - issues.

From ee1487743a870451b048e79eeecff9934ae357ca Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 6 Jul 2022 16:34:43 +0100 Subject: [PATCH 09/11] Remove dead link --- www/themes/mosquitto/templates/base_footer.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/www/themes/mosquitto/templates/base_footer.tmpl b/www/themes/mosquitto/templates/base_footer.tmpl index 62693ab85..8b87c1663 100644 --- a/www/themes/mosquitto/templates/base_footer.tmpl +++ b/www/themes/mosquitto/templates/base_footer.tmpl @@ -9,7 +9,6 @@
Eclipse Home Market Place - Eclipse Live Eclipse Planet Eclipse Security Privacy Policy From ff97fbfe94b304b86167b15a68d4ae1d4502642c Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 6 Jul 2022 16:36:21 +0100 Subject: [PATCH 10/11] Fix links --- www/pages/index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/www/pages/index.html b/www/pages/index.html index 6ddcb05b3..00858e548 100644 --- a/www/pages/index.html +++ b/www/pages/index.html @@ -41,10 +41,10 @@

Download and Security

Mosquitto is highly portable and available for a wide range of platforms. Go to the dedicated download page to find the source or binaries for your platform.

-

Read the Change Log to find out +

Read the Change Log to find out about recent releases.

-

Use the security page to find out +

Use the security page to find out how to report vulnerabilities or responses to past security issues.

@@ -70,7 +70,7 @@

Community

  • Talk to other users on the Mosquitto mailing list or on Slack.
  • Get help from the forums.
    • -
  • Cite Mosquitto in your academic work.
    • +
  • Cite Mosquitto in your academic work.
    • @@ -78,7 +78,7 @@

    Community

    Support

    Support is always available from the community channels on a best effort basis. If you require commercial support, - Cedalo can offer support for hosted + Cedalo can offer support for hosted or on-premise instances, consulting on the use of Mosquitto, and custom development to your needs.

    From ebe8624dd3d034e143b5ce876140c9b057a5c599 Mon Sep 17 00:00:00 2001 From: CastleOnTheHill Date: Tue, 19 Jul 2022 17:12:04 +0800 Subject: [PATCH 11/11] Fix SSL_connect misuse SSL_ERROR_SYSCALL is fatal error, should stop connection --- lib/net_mosq.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/net_mosq.c b/lib/net_mosq.c index 22f5a313f..1d9774db2 100644 --- a/lib/net_mosq.c +++ b/lib/net_mosq.c @@ -573,10 +573,6 @@ int net__socket_connect_tls(struct mosquitto *mosq) ret = SSL_connect(mosq->ssl); if(ret != 1) { err = SSL_get_error(mosq->ssl, ret); - if (err == SSL_ERROR_SYSCALL) { - mosq->want_connect = true; - return MOSQ_ERR_SUCCESS; - } if(err == SSL_ERROR_WANT_READ){ mosq->want_connect = true; /* We always try to read anyway */