From 1b7c6b5cbdfd27635c46fbfe584267f7f3d25677 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 8 Mar 2022 16:05:15 +0000
Subject: [PATCH 01/11] All docker images should use the same base.
---
docker/1.5-openssl/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/1.5-openssl/Dockerfile b/docker/1.5-openssl/Dockerfile
index c4e0a3f71..baa41aa28 100644
--- a/docker/1.5-openssl/Dockerfile
+++ b/docker/1.5-openssl/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.12
+FROM alpine:3.14
LABEL maintainer="Roger Light " \
description="Eclipse Mosquitto MQTT Broker"
From 8459a3c45653df7d6f08a83d269b944c40892857 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 8 Mar 2022 16:06:32 +0000
Subject: [PATCH 02/11] Fix whitespace errors
---
docker/1.5/Dockerfile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile
index 00cfd691c..42d27f2ef 100644
--- a/docker/1.5/Dockerfile
+++ b/docker/1.5/Dockerfile
@@ -65,7 +65,7 @@ RUN set -x && \
WITH_SHARED_LIBRARIES=yes \
WITH_SRV=no \
WITH_STRIP=yes \
- WITH_TLS_PSK=no \
+ WITH_TLS_PSK=no \
WITH_WEBSOCKETS=yes \
prefix=/usr \
binary && \
@@ -82,8 +82,8 @@ RUN set -x && \
chown -R mosquitto:mosquitto /mosquitto && \
apk --no-cache add \
ca-certificates \
- libressl \
- libuuid && \
+ libressl \
+ libuuid && \
apk del build-deps && \
rm -rf /build
From 8212bbe29b6fc0a49c30a15b22a36ff0ac7b9d32 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 8 Mar 2022 16:06:50 +0000
Subject: [PATCH 03/11] Remove defunct pgp keyservers from Dockerfiles.
---
docker/1.5-openssl/Dockerfile | 3 +--
docker/1.5/Dockerfile | 3 +--
docker/1.6-openssl/Dockerfile | 3 +--
docker/1.6/Dockerfile | 3 +--
docker/2.0-openssl/Dockerfile | 3 +--
docker/2.0/Dockerfile | 3 +--
docker/generic/Dockerfile | 3 +--
7 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/docker/1.5-openssl/Dockerfile b/docker/1.5-openssl/Dockerfile
index baa41aa28..2d258cbd7 100644
--- a/docker/1.5-openssl/Dockerfile
+++ b/docker/1.5-openssl/Dockerfile
@@ -40,9 +40,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ htps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile
index 42d27f2ef..45c3c162e 100644
--- a/docker/1.5/Dockerfile
+++ b/docker/1.5/Dockerfile
@@ -42,9 +42,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ hkps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
diff --git a/docker/1.6-openssl/Dockerfile b/docker/1.6-openssl/Dockerfile
index 13769d51e..025d85f10 100644
--- a/docker/1.6-openssl/Dockerfile
+++ b/docker/1.6-openssl/Dockerfile
@@ -45,9 +45,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ hkps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
diff --git a/docker/1.6/Dockerfile b/docker/1.6/Dockerfile
index 882da1932..75b8cf429 100644
--- a/docker/1.6/Dockerfile
+++ b/docker/1.6/Dockerfile
@@ -45,9 +45,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ hkps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
diff --git a/docker/2.0-openssl/Dockerfile b/docker/2.0-openssl/Dockerfile
index 44f09b2dd..fc3366dea 100644
--- a/docker/2.0-openssl/Dockerfile
+++ b/docker/2.0-openssl/Dockerfile
@@ -46,9 +46,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ hkps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
diff --git a/docker/2.0/Dockerfile b/docker/2.0/Dockerfile
index 3df683604..bf54f81fd 100644
--- a/docker/2.0/Dockerfile
+++ b/docker/2.0/Dockerfile
@@ -46,9 +46,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ hkps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
diff --git a/docker/generic/Dockerfile b/docker/generic/Dockerfile
index a855bd7cd..656f8a15e 100644
--- a/docker/generic/Dockerfile
+++ b/docker/generic/Dockerfile
@@ -63,9 +63,8 @@ RUN set -x && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
- ha.pool.sks-keyservers.net \
+ hkps://keys.openpgp.org \
hkp://keyserver.ubuntu.com:80 \
- hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
From 610b63985adf7cd2010d2b319ee44c1530bd23dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nathana=C3=ABl=20L=C3=A9caud=C3=A9?=
Date: Mon, 14 Mar 2022 11:09:43 -0400
Subject: [PATCH 04/11] Fix typo (missing word)
---
www/pages/documentation/dynamic-security.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/pages/documentation/dynamic-security.md b/www/pages/documentation/dynamic-security.md
index a84f8589b..6570ace17 100644
--- a/www/pages/documentation/dynamic-security.md
+++ b/www/pages/documentation/dynamic-security.md
@@ -15,7 +15,7 @@
## Introduction
The Dynamic Security plugin is a Mosquitto plugin which provides role based
-authentication and access control features that can updated whilst the broker
+authentication and access control features that can be updated whilst the broker
is running, using a special topic based API.
It is supported since Mosquitto 2.0, and should be available in all
From e5bf040fb7a4f630eb7311550c08365c243cbea8 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Fri, 13 May 2022 13:25:16 +0100
Subject: [PATCH 05/11] Weekly Coverity Scan run.
---
.github/workflows/coverity-scan.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 .github/workflows/coverity-scan.yml
diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
new file mode 100644
index 000000000..27310bd79
--- /dev/null
+++ b/.github/workflows/coverity-scan.yml
@@ -0,0 +1,24 @@
+name: Coverity Scan fixes and develop branches on a weekly basis
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "7 3 * * 0"
+
+jobs:
+ coverity:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Dependencies
+ run: sudo apt-get install -y libcjson-dev libsqlite3-dev libssl-dev uthash-dev
+
+ - uses: vapier/coverity-scan-action@v1
+ with:
+ build_language: 'cxx'
+ project: "eclipse/mosquitto"
+ token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+ command: "make binary"
+
From 4ac8c0bcc34c8640e8c6a931e8e63ea4f250c6c7 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 17 May 2022 21:11:20 +0100
Subject: [PATCH 06/11] Add deny-protocol-version example plugin, for 2.0 only.
---
plugins/Makefile | 1 +
plugins/deny-protocol-version/CMakeLists.txt | 24 ++++
plugins/deny-protocol-version/Makefile | 29 +++++
.../mosquitto_deny_protocol_version.c | 110 ++++++++++++++++++
plugins/deny-protocol-version/test.conf | 4 +
plugins/deny-protocol-version/test.sh | 4 +
6 files changed, 172 insertions(+)
create mode 100644 plugins/deny-protocol-version/CMakeLists.txt
create mode 100644 plugins/deny-protocol-version/Makefile
create mode 100644 plugins/deny-protocol-version/mosquitto_deny_protocol_version.c
create mode 100644 plugins/deny-protocol-version/test.conf
create mode 100755 plugins/deny-protocol-version/test.sh
diff --git a/plugins/Makefile b/plugins/Makefile
index f039b2c4d..51d5670cd 100644
--- a/plugins/Makefile
+++ b/plugins/Makefile
@@ -1,5 +1,6 @@
DIRS= \
auth-by-ip \
+ deny-protocol-version \
dynamic-security \
message-timestamp \
payload-modification
diff --git a/plugins/deny-protocol-version/CMakeLists.txt b/plugins/deny-protocol-version/CMakeLists.txt
new file mode 100644
index 000000000..d998df758
--- /dev/null
+++ b/plugins/deny-protocol-version/CMakeLists.txt
@@ -0,0 +1,24 @@
+set (PLUGIN_NAME mosquitto_deny_protocol_version)
+
+add_library(${PLUGIN_NAME} MODULE
+ ${PLUGIN_NAME}.c
+)
+
+target_include_directories(${PLUGIN_NAME} PRIVATE
+ "${OPENSSL_INCLUDE_DIR}"
+ "${STDBOOL_H_PATH} ${STDINT_H_PATH}"
+ "${mosquitto_SOURCE_DIR}"
+ "${mosquitto_SOURCE_DIR}/include"
+)
+
+set_target_properties(${PLUGIN_NAME} PROPERTIES
+ PREFIX ""
+ POSITION_INDEPENDENT_CODE 1
+)
+
+if(WIN32)
+ target_link_libraries(${PLUGIN_NAME} PRIVATE mosquitto)
+endif()
+
+# Don't install, these are example plugins only.
+#install(TARGETS ${PLUGIN_NAME} RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}")
diff --git a/plugins/deny-protocol-version/Makefile b/plugins/deny-protocol-version/Makefile
new file mode 100644
index 000000000..42e6c8065
--- /dev/null
+++ b/plugins/deny-protocol-version/Makefile
@@ -0,0 +1,29 @@
+R=../..
+include ${R}/config.mk
+
+.PHONY : all binary check clean reallyclean test install uninstall
+
+PLUGIN_NAME=mosquitto_deny_protocol_version
+PLUGIN_CFLAGS+=-I${R}/include -I${R}/
+
+all : binary
+
+binary : ${PLUGIN_NAME}.so
+
+${PLUGIN_NAME}.so : ${PLUGIN_NAME}.c
+ $(CROSS_COMPILE)$(CC) $(PLUGIN_CPPFLAGS) $(PLUGIN_CFLAGS) $(PLUGIN_LDFLAGS) -fPIC -shared $< -o $@
+
+reallyclean : clean
+clean:
+ -rm -f *.o ${PLUGIN_NAME}.so *.gcda *.gcno
+
+check: test
+test:
+
+install: ${PLUGIN_NAME}.so
+ # Don't install, these are examples only.
+ #$(INSTALL) -d "${DESTDIR}$(libdir)"
+ #$(INSTALL) ${STRIP_OPTS} ${PLUGIN_NAME}.so "${DESTDIR}${libdir}/${PLUGIN_NAME}.so"
+
+uninstall :
+ -rm -f "${DESTDIR}${libdir}/${PLUGIN_NAME}.so"
diff --git a/plugins/deny-protocol-version/mosquitto_deny_protocol_version.c b/plugins/deny-protocol-version/mosquitto_deny_protocol_version.c
new file mode 100644
index 000000000..191cf7105
--- /dev/null
+++ b/plugins/deny-protocol-version/mosquitto_deny_protocol_version.c
@@ -0,0 +1,110 @@
+/*
+Copyright (c) 2022 Roger Light
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+ https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+ http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR EDL-1.0
+
+Contributors:
+ Roger Light - initial implementation and documentation.
+*/
+
+/*
+ * This is an example plugin showing how to deny access based on the version of
+ * the protocol spec a client connects with. It does no other authentication
+ * checks.
+ *
+ * It could be used with other authentication plugins by specifying it in the
+ * config file before another plugin, for example:
+ *
+ * plugin /usr/lib/mosquitto_deny_protocol_version.so
+ * plugin /usr/lib/mosquitto_dynamic_security.so
+ *
+ * or:
+ *
+ * plugin /usr/lib/mosquitto_deny_protocol_version.so
+ * password_file pwfile
+ *
+ * It will *not* work on its own.
+ *
+ * In Mosquitto 2.1, this can be achieved with the `accept_protocol_version`
+ * option instead.
+ *
+ *
+ * To compile:
+ *
+ * gcc -I -fPIC -shared mosquitto_deny_protocol_version.c -o mosquitto_deny_protocol_version.so
+ *
+ * Note that this only works on Mosquitto 2.0 or later.
+ */
+#include "config.h"
+
+#include
+#include
+
+#include "mosquitto_broker.h"
+#include "mosquitto_plugin.h"
+#include "mosquitto.h"
+#include "mqtt_protocol.h"
+
+static mosquitto_plugin_id_t *mosq_pid = NULL;
+
+int mosquitto_plugin_version(int supported_version_count, const int *supported_versions)
+{
+ int i;
+
+ for(i=0; iclient);
+
+ if(protocol_version == 5 || protocol_version == 4){
+ /* Allow access to MQTT v5.0 and v3.1.1 - this passes on responsibility
+ * for the actual auth checks to the next plugin/password file in the
+ * config list. If no other plugins/password file is defined, then
+ * access will be denied. */
+ return MOSQ_ERR_PLUGIN_DEFER;
+ }else{
+ /* Deny access to all others */
+ return MOSQ_ERR_AUTH;
+ }
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **user_data, struct mosquitto_opt *opts, int opt_count)
+{
+ UNUSED(user_data);
+ UNUSED(opts);
+ UNUSED(opt_count);
+
+ mosq_pid = identifier;
+ return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL);
+}
+
+int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count)
+{
+ UNUSED(user_data);
+ UNUSED(opts);
+ UNUSED(opt_count);
+
+ return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_MESSAGE, basic_auth_callback, NULL);
+}
diff --git a/plugins/deny-protocol-version/test.conf b/plugins/deny-protocol-version/test.conf
new file mode 100644
index 000000000..010213140
--- /dev/null
+++ b/plugins/deny-protocol-version/test.conf
@@ -0,0 +1,4 @@
+listener 1883
+
+plugin ./mosquitto_deny_protocol_version.so
+password_file pwfile
diff --git a/plugins/deny-protocol-version/test.sh b/plugins/deny-protocol-version/test.sh
new file mode 100755
index 000000000..3005da50e
--- /dev/null
+++ b/plugins/deny-protocol-version/test.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+../../apps/mosquitto_passwd/mosquitto_passwd -c -b pwfile username password
+../../src/mosquitto -c test.conf -v
From 9417facffac9d69cd7dcbc1bf0a1af1b9edd4621 Mon Sep 17 00:00:00 2001
From: Pargorn Puttapirat
Date: Thu, 23 Jun 2022 00:26:00 +0700
Subject: [PATCH 07/11] Fix syntax errors in examples
Problematics examples: addRoleACL and removeRoleACL
---
www/pages/documentation/dynamic-security.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/pages/documentation/dynamic-security.md b/www/pages/documentation/dynamic-security.md
index 6570ace17..82f9635dd 100644
--- a/www/pages/documentation/dynamic-security.md
+++ b/www/pages/documentation/dynamic-security.md
@@ -660,7 +660,7 @@ Where `acltype` is one of `publishClientSend`, `publishClientReceive`,
For example:
```
-mosquitto_ctrl dynsec addRoleACL clientPublishSend client/topic allow 5
+mosquitto_ctrl dynsec addRoleACL publishClientSend client/topic allow 5
```
To remove an ACL from a role using the topic filter as the key:
@@ -670,7 +670,7 @@ mosquitto_ctrl dynsec removeRoleACL dynsec removeRoleACL clientPublishSend client/topic
+mosquitto_ctrl dynsec removeRoleACL publishClientSend client/topic
```
To get information on a role:
From ca009907e5f76c67790a83609e5fb267f104ec3b Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Wed, 6 Jul 2022 16:28:07 +0100
Subject: [PATCH 08/11] Web page update including external docs.
---
www/pages/documentation.md | 12 +++++++++
www/pages/index.html | 55 +++++++++++++++++++++++++++-----------
2 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/www/pages/documentation.md b/www/pages/documentation.md
index cc728dc8d..a464b4a62 100644
--- a/www/pages/documentation.md
+++ b/www/pages/documentation.md
@@ -31,6 +31,15 @@
* [Using the snap package] - specific instructions on installing and configuring the Mosquitto snap package.
* [Migrating from 1.x to 2.0] - details of changes needed to migrate to version 2.0.
+# Third party
+
+These are some Mosquitto documentation hosted by third parties.
+
+* [Steve's internet guide] - a broad range of documentation and examples
+ covering Mosquitto and the Paho Python client, amongst others.
+* [docs.cedalo.com] - includes documentation for both Mosquitto and Eclipse
+ Streamsheets
+
[mosquitto]:/man/mosquitto-8.html
[mosquitto.conf]:/man/mosquitto-conf-5.html
[mosquitto_passwd]:/man/mosquitto_passwd-1.html
@@ -46,3 +55,6 @@
[Using the snap package]:/documentation/using-the-snap/
[Dynamic Security plugin]:/documentation/dynamic-security/
[Migrating from 1.x to 2.0]:/documentation/migrating-to-2-0/
+
+[Steve's internet guide]: http://www.steves-internet-guide.com/
+[docs.cedalo.com]: https://docs.cedalo.com/
diff --git a/www/pages/index.html b/www/pages/index.html
index 5842835cf..6ddcb05b3 100644
--- a/www/pages/index.html
+++ b/www/pages/index.html
@@ -27,8 +27,8 @@
and mosquitto_sub command line MQTT clients.
Mosquitto is part of the Eclipse
- Foundation, is an iot.eclipse.org
- project and is sponsored by cedalo.com.
+ Foundation, and is an iot.eclipse.org
+ project. The development is driven by Cedalo.
@@ -37,42 +37,67 @@
-
Download
+
Download and Security
Mosquitto is highly portable and available for a wide range of
platforms. Go to the dedicated download
page to find the source or binaries for your platform.
Read the Change Log to find out
about recent releases.
+
+
Use the security page to find out
+ how to report vulnerabilities or responses to past security
+ issues.
-
Test
+
Test
You can have your own instance of Mosquitto running in
minutes, but to make testing even easier, the Mosquitto Project
- runs a test server at test.mosquitto.org where
+ runs a test server at
+ test.mosquitto.org where
you can test your clients in a variety of ways: plain MQTT,
- MQTT over TLS, MQTT over TLS (with client certificate),
+ MQTT over TLS, MQTT over TLS (with
+ client certificate),
MQTT over WebSockets and MQTT over WebSockets with TLS.
+
+
-
Community
+
Community
+
+
+
Support
+
Support is always available from the community channels on a
+ best effort basis. If you require commercial support,
+ Cedalo can offer support for hosted
+ or on-premise instances, consulting on the use of Mosquitto,
+ and custom development to your needs.
+
+
+
+
Related Projects
+
Paho provides MQTT
+ client library implementations in a wide variety of
+ languages.
+
Streamsheets is an
+ easy to use web based real time spreadsheet interface that can
+ be used to process incoming data from a variety of sources,
+ such as MQTT, OPC-UA, and REST. Developers and non-developers
+ can use Streamsheets to control processes and build dashboards,
+ for example. Mosquitto is a core component of Streamsheets.
+
-
Security
-
Use the security page to find out
- how to report vulnerabilities or responses to past security
- issues.
From ee1487743a870451b048e79eeecff9934ae357ca Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Wed, 6 Jul 2022 16:34:43 +0100
Subject: [PATCH 09/11] Remove dead link
---
www/themes/mosquitto/templates/base_footer.tmpl | 1 -
1 file changed, 1 deletion(-)
diff --git a/www/themes/mosquitto/templates/base_footer.tmpl b/www/themes/mosquitto/templates/base_footer.tmpl
index 62693ab85..8b87c1663 100644
--- a/www/themes/mosquitto/templates/base_footer.tmpl
+++ b/www/themes/mosquitto/templates/base_footer.tmpl
@@ -9,7 +9,6 @@
@@ -70,7 +70,7 @@ Community
Talk to other users on the Mosquitto mailing list
or on Slack.
Get help from the forums.
- Cite Mosquitto in your academic work.
+ Cite Mosquitto in your academic work.
@@ -78,7 +78,7 @@ Community
Support
Support is always available from the community channels on a
best effort basis. If you require commercial support,
- Cedalo can offer support for hosted
+ Cedalo can offer support for hosted
or on-premise instances, consulting on the use of Mosquitto,
and custom development to your needs.
From ebe8624dd3d034e143b5ce876140c9b057a5c599 Mon Sep 17 00:00:00 2001
From: CastleOnTheHill
Date: Tue, 19 Jul 2022 17:12:04 +0800
Subject: [PATCH 11/11] Fix SSL_connect misuse
SSL_ERROR_SYSCALL is fatal error, should stop connection
---
lib/net_mosq.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/lib/net_mosq.c b/lib/net_mosq.c
index 22f5a313f..1d9774db2 100644
--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@@ -573,10 +573,6 @@ int net__socket_connect_tls(struct mosquitto *mosq)
ret = SSL_connect(mosq->ssl);
if(ret != 1) {
err = SSL_get_error(mosq->ssl, ret);
- if (err == SSL_ERROR_SYSCALL) {
- mosq->want_connect = true;
- return MOSQ_ERR_SUCCESS;
- }
if(err == SSL_ERROR_WANT_READ){
mosq->want_connect = true;
/* We always try to read anyway */