Re: [mosquitto-dev] additional TLS verification with libmosquitto

Hi Peter,

It's not quite what you're asking, but you can use
`mosquitto_opts_set(mosq, MOSQ_OPT_SSL_CTX, ssl_ctx)` to pass your own
SSL_CTX instance for use when creating the SSL connection. You can
configure this exactly as you want of course.
MOSQ_OPT_SSL_CTX_WITH_DEFAULTS is also worth looking at here.

I don't see a problem with adding in a function for getting hold of mosq->ssl.

Regards,

Roger

On Thu, 10 Sep 2020 at 15:04, Peter Korsgaard <peter@xxxxxxxxxxxxx> wrote:
>
> Hi,
>
> I may be missing something, but I don't quite see an interface to do
> additional TLS peer verification with libmosquitto, e.g. certificate or
> public key pinning?
>
> I was expecting to be able to set up a custom verify hostname to get
> triggered from mosquitto__server_certificate_verify() or have a way to
> get to mosq->ssl from the on_connect callback, but I don't see it?
>
> Is this just hiding somewhere or is it missing? If so, what would be a
> suitable API? Something like mosquitto_tls_get() to access mosq->ssl?
>
> --
> Bye, Peter Korsgaard
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
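
One way to do the public key pinning asked about above through the `MOSQ_OPT_SSL_CTX` route from the reply, as an added example that is not part of the original thread or of the mosquitto project: the context's verify callback compares the SHA-256 of the leaf certificate's SubjectPublicKeyInfo with a pin set. Assumptions: the names `pin_set_contains`, `verify_pinned`, `attach_pinned_ctx`, `PINS` and the `WITH_TLS_LIBS` build macro are hypothetical, the pin value is a constructed placeholder, and the hostname check is configured on the context itself rather than left to the library.

```c
#include <stddef.h>
#include <string.h>
#define PIN_LEN 32 /* SHA-256 digest length */

/* 1 if digest equals any pin (primary or backup); an empty set fails closed. */
int pin_set_contains(const unsigned char (*pins)[PIN_LEN], size_t npins,
                     const unsigned char *digest)
{
    for (size_t i = 0; i < npins; i++)
        if (memcmp(pins[i], digest, PIN_LEN) == 0) return 1;
    return 0;
}

#ifdef WITH_TLS_LIBS /* cc -DWITH_TLS_LIBS pin.c -lmosquitto -lssl -lcrypto */
#include <mosquitto.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

/* Constructed placeholder: replace with SHA-256 of the broker's DER-encoded SPKI. */
static const unsigned char PINS[][PIN_LEN] = { { 0 } };

/* Runs on top of normal chain validation; the pin is checked on the leaf only. */
static int verify_pinned(int preverify_ok, X509_STORE_CTX *ctx)
{
    if (!preverify_ok || X509_STORE_CTX_get_error_depth(ctx) != 0)
        return preverify_ok;
    unsigned char *spki = NULL, md[EVP_MAX_MD_SIZE];
    unsigned int mdlen = 0;
    X509 *leaf = X509_STORE_CTX_get_current_cert(ctx);
    int len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(leaf), &spki);
    int ok = len > 0 && EVP_Digest(spki, (size_t)len, md, &mdlen, EVP_sha256(), NULL) == 1
             && mdlen == PIN_LEN && pin_set_contains(PINS, sizeof PINS / sizeof PINS[0], md);
    OPENSSL_free(spki);
    if (!ok) X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
    return ok;
}

/* Hypothetical helper, called before mosquitto_connect(); caller owns the result. */
SSL_CTX *attach_pinned_ctx(struct mosquitto *mosq, const char *cafile, const char *host)
{
    SSL_CTX *c = SSL_CTX_new(TLS_client_method());
    if (c && SSL_CTX_load_verify_locations(c, cafile, NULL) == 1
          && X509_VERIFY_PARAM_set1_host(SSL_CTX_get0_param(c), host, 0) == 1) {
        SSL_CTX_set_verify(c, SSL_VERIFY_PEER, verify_pinned);
        if (mosquitto_opts_set(mosq, MOSQ_OPT_SSL_CTX, c) == MOSQ_ERR_SUCCESS)
            return c;
    }
    SSL_CTX_free(c); /* NULL-safe; nothing was attached */
    return NULL;
}
#endif
```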

