Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Request for support on mosquitto package
Hi Karl,

Thanks for the input.

To simplify the question. We would like to hook a preconfigured EVP_PKEY (created in a custom C .so file) within the same process space, to the OpenSSL ctx calls that the Mosquitto package uses. More specifically using the lua binded API to mosquitto to hook onto a certain openssl. Perhaps it can hook onto a global pkey within the process space. I'm sure there are multiple ways to approach this problem. Please forgive me as my development with OpenSSL is still new.

Thanks,
Emilio


On Wed, Aug 30, 2017 at 11:58 AM, Karl Palsson <karlp@xxxxxxxxxxxx> wrote:

You can make this question a lot simpler by leaving the lua
bindings out of it :)

Talk about how you would solve this problem with the libmosquitto
API, and what may or may not need to be added there, and _then_
we can easily add that to the lua bindings. (It's still great to
see other people using the lua bindings!)

Sincerely,
Karl Palsson


Emilio Lopez <eslopez92@xxxxxxxxx> wrote:
> Hi there!
>
> I am a software engineer, and our company (Technicolor) is
> using the Eclipse mosquitto package. We think that this package
> is great! Unfortunately, due to customer requirements, there is
> a constraint to this package, and would like some
> insight/feedback. I have read through the man pages and the
> community forms but have come short.
>
> *How we are using mosquitto:*
> We are using the LUA API library to the mosquitto package as an
> MQTT client. The version is *mosquitto-1.4.12*
>
> *Problem:*
> Currently we are using the lua binded function
> mosquitto:tls_set(nil, caPath, certPath, keyFilePath) to
> leverage a secure connection. For security reasons, we need to
> use a custom made OpenSSL EVP_PKEY structure. That key is
> generated in a separate C module.
>
> *Our Proposed Work Around:*
> Due to short term deadlines we thought of a work around.
>
>    1. Create the EVP_PKEY struct in a separate C Shared Object file
>    2. Pass the key onto the LUA Stack (Using userdata)
>    3. Pass that key from our LUA application to the mosquitto LUA tls_set()
>    funciton (Which goes  back to the c libaries)
>    4. Used that passed EVP_PKEY and ignore the keyfile string value within
>    the mosquitto code.
>
>
> The above requires a custom made patch to the mosquitto code,
> which is not ideal for long term support. Our work around is
> temporary but we would like some advice on how to approach this
> particular issue. Perhaps an alternate solution is to have a
> ssl_ctx callback function, similar to libcurl?
>
> Your time and input is greatly appreciated!
>
> Thanks,
> Emilio
>
> p.s. I tried registering with my company email
> (emilio.lopez@xxxxxxxxxxxxxxx) but never received a
> confirmation email.
> _______________________________________________ mosquitto-dev
> mailing list mosquitto-dev@xxxxxxxxxxx To change your delivery
> options, retrieve your password, or unsubscribe from this list,
> visit https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Back to the top