Re: [mosquitto-dev] tls/ssl clients and default clients

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] tls/ssl clients and default clients

From: Karl Palsson <karlp@xxxxxxxxxxxx>
Date: Tue, 02 Aug 2016 09:50:55 -0000
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
Openpgp: id=9F020B9C40DA5E6F2CAF63B319A8B50FD4D5CAF6; preference=signencrypt

security settings such as tls only affect how you connect to the
broker. Once you're connected to the broker, it's all the same.
You need to look at topic acls and perhaps mount points, or
simply separate brokers if you're trying to keep clients separate
based on how they connect.


stevan bugadzija <stevazzz@xxxxxxxxx> wrote:
> hi guys,
> Iam developing some client handler app in c and i have some
> uncertainties with how mosquitto broker should work, for test i
> use two ssl and two default clients like this: default
> subscribe client: mosquitto_sub -t "clihandler" -p 1883
> 
> same using tls/ssl
> mosquitto_sub -h localhost -p 8883 -t clihandler --cafile
> ~/Documents/enkripcija/localPKI/ca.crt --cert
> ~/Documents/enkripcija/localPKI/client.crt --key
> ~/Documents/enkripcija/localPKI/client.key and two publish
> clients: mosquitto_pub -t clihandler -m "test from default
> client"
> 
> mosquitto_pub -h localhost -p 8883 -d -t clihandler -m "test
> from ssl client" --cafile
> ~/Documents/enkripcija/localPKI/ca.crt --cert
> ~/Documents/enkripcija/localPKI/client.crt --key
> ~/Documents/enkripcija/localPKI/client.key and behavior is that
> when i publish with ssl publisher i got message on both tls/ssl
> sub and default sub client. This is strange because i shouldn't
> get message on default sub client? or i am missing something?
> and second is when i pub with default pub client i also get
> message on both tls/ssl and default client? Is this default
> behavior since what is the purpose of encryption if i can only
> listen to topic as non ssl client and get the traffic? i use
> 1.48 mosquitto broker on ubuntu 14.04 lts my mosquitto.conf for
> ssl, default listener is listener 8883 cafile
> /home/satos/Documents/enkripcija/localPKI/ca.crtcertfile
> /home/satos/Documents/enkripcija/localPKI/AtosVM.crtkeyfile
> /home/satos/Documents/enkripcija/localPKI/AtosVM.key
> require_certificate true listener 1883 thanks in advance for
> any suggestion stevan
> 
> 
> 
> 
> 
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or
> unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Attachment: signature.asc
Description: OpenPGP Digital Signature

References:
- [mosquitto-dev] tls/ssl clients and default clients
  - From: stevan bugadzija

Prev by Date: [mosquitto-dev] tls/ssl clients and default clients
Next by Date: Re: [mosquitto-dev] How to create users using php or javascript in mosquitto
Previous by thread: [mosquitto-dev] tls/ssl clients and default clients
Next by thread: [mosquitto-dev] Mosquitto installed, but can't find 'mosquitto.h'
Index(es):
- Date
- Thread

Breadcrumbs