Openssl engine support - revisited #915

Closed
wants to merge 3 commits into from

Commits on Aug 11, 2018

  1. Add TLS engine and keyform support to libmosquitto

    - Clients can now offload crypto tasks to an external crypto device through
      the OpenSSL ENGINE API.
    - The keyfiles can now be treated as PEM or ENGINE keys.
    - Two new functions were added to libmosquitto to set up the previously
      mentioned features.
    - Both mosquitto_sub and mosquitto_pub include support to turn on the mentioned
      features through command line options.
    
    Signed-off-by: Nicolás Pernas Maradei <[email protected]>
    nicopernas committed Aug 11, 2018
    ea85fff
  2. Add TLS engine and keyform support to mosquitto

    Add the same OpenSSL engine support to mosquitto (server side) that was
    previously added to the client side only.
    
    Signed-off-by: Nicolás Pernas Maradei <[email protected]>
    nicopernas committed Aug 11, 2018
    c311757
  3. Add engine private key password support

    Some OpenSSL engines (selectable via the tls_engine option) may require a
    password to make use of private keys created with them in the first place.
    
    The TPM engine, for example, will require a password to access the underlying
    TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
    associated with a TPM; it is generated within a TPM and is a non-migratable
    key. Each owned TPM contains an SRK, generated by the TPM at the request
    of the Owner. [1]
    
    By default, the engine will prompt the user to enter the SRK password
    before any private keys created with the engine can be used. This could
    be inconvenient when running on an unattended system.
    
    Here's where the new tls_engine_kpass_sha option comes in handy. The user
    can specify a SHA1 hash of their engine private key password via the command
    line or config file, and it will be passed on to the engine directly.
    
    This commit adds support for both clients (libmosquitto) and broker.
    
    [1] https://goo.gl/qQoXBY
    
    Signed-off-by: Nicolás Pernas Maradei <[email protected]>
    nicopernas committed Aug 11, 2018
    f26b197