paho.mqtt.python
insecure key from tls dict automatically removed after single() or multiple()
Publishing with tls { 'insecure' = True } set to true when using single() or multiple() results in the dict 'insecure' key being removed after the publish automatically.
This is on multiple machines with paho-mqtt 1.5.1
With the following code:
```python
import paho.mqtt.publish as mqttpub

mqtt_host = "<hostname>"
mqtt_port = 8883
mqtt_username = "<username>"
mqtt_password = "<password>"
mqtt_cacert = "/home/castle/myca.crt"
mqtt_tls_insecure = True

mqtt_auth_obj = { 'username': mqtt_username, 'password': mqtt_password }
mqtt_tls_obj = { 'ca_certs': mqtt_cacert, 'insecure': mqtt_tls_insecure }

multiple = []
multiple.append(("test/topic", "testpayload", 0, False))

print("MQTT Single Publish Test:")
print(f"Insecure TLS Key Pre publish single(): {str(mqtt_tls_obj)}")
mqttpub.single(multiple[0][0], multiple[0][1], multiple[0][2], multiple[0][3],
               hostname=mqtt_host, port=mqtt_port, auth=mqtt_auth_obj, tls=mqtt_tls_obj)
print(f"Insecure TLS Key POST publish single(): {str(mqtt_tls_obj)}")

mqtt_tls_obj = { 'ca_certs': mqtt_cacert, 'insecure': mqtt_tls_insecure }
print("TLS Dict Object Reset")

print("MQTT Multiple Publish Test:")
print(f"Insecure TLS Key Pre publish multiple(): {str(mqtt_tls_obj)}")
mqttpub.multiple(multiple, hostname=mqtt_host, port=mqtt_port, auth=mqtt_auth_obj, tls=mqtt_tls_obj)
print(f"Insecure TLS Key POST publish multiple(): {str(mqtt_tls_obj)}")
```
The resulting output is:
```text
MQTT Single Publish Test:
Insecure TLS Key Pre publish single(): {'ca_certs': '/home/castle/myca.crt', 'insecure': True}
Insecure TLS Key POST publish single(): {'ca_certs': '/home/castle/myca.crt'}
TLS Dict Object Reset
MQTT Multiple Publish Test:
Insecure TLS Key Pre publish multiple(): {'ca_certs': '/home/castle/myca.crt', 'insecure': True}
Insecure TLS Key POST publish multiple(): {'ca_certs': '/home/castle/myca.crt'}
```
A followup test was done to see result with 'insecure' = False. Outcome behavior is the same as insecure key is removed.
```python
print(f"Insecure TLS Key Pre publish multiple(): {str(mqtt_tls_obj)}")
try:
    mqttpub.multiple(multiple, hostname=mqtt_host, port=mqtt_port, auth=mqtt_auth_obj, tls=mqtt_tls_obj)
except Exception as e:
    print(str(e))
print(f"Insecure TLS Key POST publish multiple(): {str(mqtt_tls_obj)}")
```
Result:
```text
MQTT Multiple Publish Test:
Insecure TLS Key Pre publish multiple(): {'ca_certs': '/home/itchy/myca.crt', 'insecure': False}
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'castle1.lan'. (_ssl.c:1129)
Insecure TLS Key POST publish multiple(): {'ca_certs': '/home/itchy/myca.crt'}
```
Closed by accident. Sorry
This will be due to `insecure = tls.pop('insecure', False)` in the following:
```python
if tls is not None:
    if isinstance(tls, dict):
        insecure = tls.pop('insecure', False)
        client.tls_set(**tls)
        if insecure:
            # Must be set *after* the `client.tls_set()` call since it sets
            # up the SSL context that `client.tls_insecure_set` alters.
            client.tls_insecure_set(insecure)
    else:
        # Assume input is SSLContext object
        client.tls_set_context(tls)
```
I'm going to flag this as a bug (it's open to interpretation but the fix should be pretty simple).
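
What the `tls.pop('insecure', False)` call means for a caller that reuses one `tls` dict across publishes, shown as an added example that is not paho-mqtt code and not from anyone in this thread. `RecordingClient`, `apply_tls_mutating`, `apply_tls_copying` and `publish_twice` are hypothetical names, the sample dict is constructed, and the copying variant is one possible fix, assumed here rather than taken from the project.

```python
class RecordingClient:
    """Constructed stand-in for an MQTT client; it only records TLS calls."""

    def __init__(self):
        self.calls = []

    def tls_set(self, **kwargs):
        self.calls.append(("tls_set", dict(kwargs)))

    def tls_insecure_set(self, value):
        self.calls.append(("tls_insecure_set", value))


def apply_tls_mutating(client, tls):
    # Same logic as the snippet quoted in the thread: pop() edits the caller's dict.
    insecure = tls.pop('insecure', False)
    client.tls_set(**tls)
    if insecure:
        client.tls_insecure_set(insecure)


def apply_tls_copying(client, tls):
    # Hypothetical variant: pop from a shallow copy so the caller's dict is untouched.
    tls = dict(tls)
    insecure = tls.pop('insecure', False)
    client.tls_set(**tls)
    if insecure:
        client.tls_insecure_set(insecure)


def publish_twice(apply_tls, tls):
    """Reuse one tls dict for two publishes; report whether each call set insecure."""
    flags = []
    for _ in range(2):
        client = RecordingClient()
        apply_tls(client, tls)
        flags.append(("tls_insecure_set", True) in client.calls)
    return flags


if __name__ == "__main__":
    sample = {'ca_certs': '/path/to/ca.crt', 'insecure': True}  # constructed sample
    print(publish_twice(apply_tls_mutating, dict(sample)))  # [True, False]
    print(publish_twice(apply_tls_copying, dict(sample)))   # [True, True]
```

With the mutating version the second publish is made without `tls_insecure_set`, so a caller that relied on `'insecure': True` sees the two publishes behave differently even though it passed the same dict both times.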