Add basics of TLS support #6

Merged
merged 15 commits into from
Dec 5, 2013
Document SSL options
mgdm committed Dec 5, 2013
commit 74647c8ee3f13b94821690e70448f4a17fd11cc9
35 changes: 35 additions & 0 deletions README.md
Expand Up @@ -103,6 +103,41 @@ you will have to enter the password at the command line.

| Parameter | Type | Description |
| --- | --- | ---- |
| capath | string | Path to the PEM encoded trusted CA certificate files, or to a directory containing them |
| certfile | string | Path to the PEM encoded certificate file for this client. Optional. |
| keyfile | string | Path to a file containing the PEM encoded private key for this client. Required if certfile is set. |
| password | string | The password for the keyfile, if it is encrypted. If null, the password will be asked for on the command line. |

#### setTlsInsecure

Configure verification of the server hostname in the server certificate. If
value is set to true, it is impossible to guarantee that the host you are
connecting to is not impersonating your server. Do not use this function in
a real system. Must be called before connect().

| Parameter | Type | Description |
| --- | --- | ---- |
| value | boolean | If set to false, the default, certificate hostname checking is performed. If set to true, no hostname checking is performed and the connection is insecure. |

#### setTlsOptions

Set advanced SSL/TLS options. Must be called before connect().

| Parameter | Type | Description |
| --- | --- | ---- |
| certReqs | int | Whether or not to verify the server. Can be Mosquitto\Client::SSL_VERIFY_NONE, to disable certificate verification, or Mosquitto\Client::SSL_VERIFY_PEER (the default), to verify the server certificate. |
| tlsVersion | string | The TLS version to use. If NULL, a default is used. The default value depends on the version of OpenSSL the library was compiled against. Available options on OpenSSL >= 1.0.1 are 'tlsv1.2', 'tlsv1.1' and 'tlsv1'. |
| cipers | string | A string describing the ciphers available for use. See the `openssl ciphers` tool for more information. If NULL, the default set will be used. |

#### setTlsPSK

Configure the client for pre-shared-key based TLS support. Must be called before connect(). Cannot be used in conjunction with setTlsCertificates.

| Parameter | Type | Description |
| --- | --- | ---- |
| psk | string | The pre-shared key in hex format with no leading "0x".
| identity | string " The identity of this client. May be used as the username depending on server settings. |
| cipers | string | A string describing the ciphers available for use. See the `openssl ciphers` tool for more information. If NULL, the default set will be used. |

#### setWill

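Review bot: The certReqs row in the setTlsOptions table documents Mosquitto\Client::SSL_VERIFY_NONE with no caution, while setTlsInsecure just above it says "Do not use this function in a real system"; disabling certificate verification is at least as weak as skipping the hostname check, so the row should say that with SSL_VERIFY_NONE the server's identity is not checked at all and that the setting is for testing only. Three smaller points in the same hunk. The parameter is spelled `cipers` in both the setTlsOptions and setTlsPSK tables, which looks like a typo for `ciphers` given the description; please check it against the method signatures and correct whichever side is wrong. In the setTlsPSK table the psk row has no closing `|` and the identity row has `"` where the column separator should be (`| identity | string " The identity ...`), so those two rows will not render as table cells. Finally, the setTlsInsecure summary opens with "If value is set to true" before the parameter has been introduced; saying outright that passing true disables hostname verification would make the risk readable without consulting the table.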