paho.mqtt.c

add new option to use Windows Certificate Store

Open jumoog opened this issue 5 years ago • 6 comments

It's only available for Windows builds and off by default.

Thank you for your interest in this project managed by the Eclipse Foundation.

The guidelines for contributions can be found in the CONTRIBUTING.md file.

At a minimum, you must sign the Eclipse ECA, and sign off each commit.

To complete and submit an ECA, log into the Eclipse projects forge. You will need to create an account with the Eclipse Foundation if you have not already done so. Be sure to use the same email address when you register for the account that you intend to use when you commit to Git. Go to https://accounts.eclipse.org/user/eca to sign the Eclipse ECA.

jumoog Jul 25 '20 21:07

tested with ssl://broker.emqx.io:8883

useWindowsCaStore = 0 -> CA Verify failed
useWindowsCaStore = 1 -> CA Verify passed

pull request for #923

jumoog Jul 25 '20 21:07

source: https://android.googlesource.com/platform/external/wpa_supplicant/+/refs/heads/master/tls_openssl.c

jumoog Jul 26 '20 11:07

Thank you. Looks good.

icraggs Sep 01 '20 10:09

I'll do some cleanup

jumoog Sep 01 '20 11:09

@icraggs I'm working on a test case for the Windows CA. Is it okay to use ssl://test.mosquitto.org:8081 for the test? Port 8081 has a Let's Encrypt certificate. As a test, I would try to connect to the broker, once without useWindowsCaStore and once with useWindowsCaStore. The connection without useWindowsCaStore should fail and with useWindowsCaStore the connection should work.

jumoog Apr 09 '21 08:04

> @icraggs I'm working on a test case for the Windows CA. Is it okay to use ssl://test.mosquitto.org:8081 for the test? Port 8081 has a Let's Encrypt certificate. As a test, I would try to connect to the broker, once without useWindowsCaStore and once with useWindowsCaStore. The connection without useWindowsCaStore should fail and with useWindowsCaStore the connection should work.

I'd prefer to use the Paho test broker like all the other tests. I presume this only changes where the certificates are stored, so the same certificates should be able to be used as are for the other TLS/SSL tests?

icraggs Apr 12 '21 10:04

I don't have a good test case for this patch and since I need my own fork anyway I'll just maintain the patch at my fork.

jumoog Feb 12 '23 22:02

closed in favour of #1353

jumoog Apr 27 '23 21:04