Re: [paho-dev] MQTTClient_SSLOptions scenarios - Paho C Client

Following up on an earlier thread, I have tried running test3.c in order to understand the various SSL/TLS configuration scenarios.
With the default Options (i.e. testing against the m2m.eclipse.org broker) this is what I get:

| Test | Description | Assertions | Failures | serverURI |
|------|-------------|------------|----------|-----------|
| 1 | connection to nonSSL MQTT server | 2 | 0 | options.connection |
| 2a_s | Mutual SSL authentication - single threaded client using receive | 2 | 1 | options.server_auth_connection |
| 2a_m | Mutual SSL authentication - multi-threaded client using callbacks | 3 | 1 | options.mutual_auth_connection |
| 2b | connection to SSL MQTT server with clientauth=req but server does not have client cert | 2 | 0 | options.nocert_mutual_auth_connection |
| 2c | connection to SSL MQTT server, server auth enabled but unknown cert | 2 | 0 | options.mutual_auth_connection |
| 3a_s | Server authentication - single threaded client using receive | 2 | 1 | options.server_auth_connection |
| 3a_m | Server authentication - multi-threaded client using callbacks | 3 | 1 | options.server_auth_connection |
| 3b | connection to SSL MQTT server with clientauth=opt but client does not have server cert | 2 | 0 | options.server_auth_connection |
| 4_s | accept invalid server certificates - single threaded | 2 | 1 | options.server_auth_connection |
| 4_m | accept invalid server certificates - multi-threaded | 3 | 1 | options.server_auth_connection |
 
The failures are all on MQTTClient_connect().

Questions:
* On failure, the return code (rc) is always -120150824. What does this mean?

* Is the documentation out of sync with the code? Doxygen says MQTTClient_connect() error codes are 1,2,3,4,5, etc. MQTTClient.h has #define's for negative numbers (but nothing like -120150824)

* I noticed that test5a, 5b, 5c make use of options.anon_connection. But these are commented out in line 1526. Why?

Thanks,
Ben.


------------------------------

Message: 3
Date: Fri, 14 Aug 2015 05:14:08 -0500
From: Adam Scally <ascally@xxxxxxxxxxx>
To: General development discussions for paho project
        <paho-dev@xxxxxxxxxxx>
Subject: Re: [paho-dev] MQTTClient_SSLOptions scenarios - Paho C
        Client
Message-ID:
        <AF7218889FF2204DBF5C75F95B5EE26432AC5671EF@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

Content-Type: text/plain; charset="us-ascii"

Thanks Al

-----Original Message-----
From: paho-dev-bounces@xxxxxxxxxxx [mailto:paho-dev-bounces@xxxxxxxxxxx] On Behalf Of Al S-M
Sent: 14 August 2015 10:12
To: paho-dev@xxxxxxxxxxx
Subject: Re: [paho-dev] MQTTClient_SSLOptions scenarios - Paho C Client

If you look at test/test3.c in the paho C client source code there are tests there that test all the scenarios you mention which you could use as examples.
http://git.eclipse.org/c/paho/org.eclipse.paho.mqtt.c.git/tree/test/test3.c

Al

On 14/08/15 10:05, Adam Scally wrote:
> Hi,
>
> Just a general question on the 3 different MQTTClient_SSLOptions
> scenarios which are explained on the paho C client page:
>
> /"Server authentication: The client needs the digital certificate of
> the server. It is included in a store containing trusted material
> (also known as "trust store")./
>
> /Mutual authentication: Both client and server are authenticated
> during the SSL handshake. In addition to the digital certificate of
> the server in a trust store, the client will need its own digital
> certificate and the private key used to sign its digital certificate
> stored in a "key store"./
>
> /Anonymous connection: Both client and server do not get authenticated
> and no credentials are needed to establish an SSL connection. Note
> that this scenario is not fully secure since it is subject to
> man-in-the-middle attacks."/
>
> My application is now successfully supporting MQTT over TLS (thanks to
> this mailing list). My question is how do I test each scenario which
> is stated above?
>
> Am I right in saying:
>
> For server authentication: the trustStore parameter is set and
> enableServerCertAuth is true. The client Keystore and PrivateKey are
> not set?
>
> For Mutual authentication: the trustStore, Keystore, PrivateKey and
> PrivateKeyPassword parameters are set. The enableServerCertAuth is true.
>
> For Anonymous connection: the trustStore, Keystore, PrivateKey and
> PrivateKeyPassword parameters are not set. The enableServerCertAuth is
> false.
>
> Sorry for the long-winded question, I just want to fully understand
> exactly what I am setting for configuration purposes. Thank you.
>
> Best Regards,
>
> Adam
_______________________________________________
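
The option layout proposed in the quoted question, written out as a checker. This is an added example, not part of the original thread and not Paho's own code. The struct is a local mirror of the MQTTClient_SSLOptions fields named above so that it builds without the Paho headers; the type and function names and the sample file names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Local mirror of the MQTTClient_SSLOptions fields named in the question
   (assumption: declared here so the example builds without the Paho headers). */
typedef struct {
    const char *trustStore, *keyStore, *privateKey, *privateKeyPassword;
    bool enableServerCertAuth;
} ssl_opts;

typedef enum { TLS_ANONYMOUS, TLS_SERVER_AUTH, TLS_MUTUAL_AUTH, TLS_UNCLEAR } tls_scenario;

static bool is_set(const char *s) { return s != NULL && s[0] != '\0'; }

/* Classify an option set using the layout proposed in the question.
   Anything that matches none of the three scenarios is TLS_UNCLEAR. */
tls_scenario classify_ssl_opts(const ssl_opts *o)
{
    bool trust = is_set(o->trustStore);
    bool cert = is_set(o->keyStore), key = is_set(o->privateKey);

    if (cert != key)                               /* certificate and key come as a pair */
        return TLS_UNCLEAR;
    if (is_set(o->privateKeyPassword) && !key)     /* password with no key to unlock */
        return TLS_UNCLEAR;
    if (o->enableServerCertAuth != trust)          /* check on without a store, or store unused */
        return TLS_UNCLEAR;
    if (!trust)
        return cert ? TLS_UNCLEAR : TLS_ANONYMOUS; /* client identity but server unverified */
    return cert ? TLS_MUTUAL_AUTH : TLS_SERVER_AUTH;
}

/* True when the server certificate is not checked: the man-in-the-middle
   exposure the quoted documentation warns about for anonymous connections. */
bool server_unverified(const ssl_opts *o) { return !o->enableServerCertAuth; }

int main(void)
{
    /* Constructed sample values; the file names are placeholders. */
    ssl_opts samples[] = {
        { "ca.pem", NULL, NULL, NULL, true },
        { "ca.pem", "client.pem", "client.key", "secret", true },
        { NULL, NULL, NULL, NULL, false },
        { "ca.pem", NULL, NULL, NULL, false },
    };
    static const char *names[] = { "anonymous", "server auth", "mutual auth", "unclear" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%zu: %s%s\n", i, names[classify_ssl_opts(&samples[i])],
               server_unverified(&samples[i]) ? " (server not verified)" : "");
    return 0;
}
```

Running a client's settings through a check like this before connecting catches the case where a trust store is supplied but enableServerCertAuth is left false, which looks like server authentication but verifies nothing.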
