
[lwip-devel] [bug #56098] Support for MQTT over TLS port 443 instead of


From: Richmond Umagat
Subject: [lwip-devel] [bug #56098] Support for MQTT over TLS port 443 instead of 8883
Date: Mon, 8 Apr 2019 08:19:50 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36

URL:
  <https://savannah.nongnu.org/bugs/?56098>

                 Summary: Support for MQTT over TLS port 443 instead of 8883
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: richmond_umagat
            Submitted on: Mon 08 Apr 2019 12:19:48 PM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Feature Request
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head

    _______________________________________________________

Details:

To enable MQTT over TLS port 443 (instead of 8883), altcp_tls_mbedtls must
provide a way to configure the ALPN TLS extension.

This is essential as MQTT port 8883 is often blocked by IT departments and
designers of routers. In fact, we encounter the issue in our Singapore office.
For more info, refer to
https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/

Below is a suggested API to be added in altcp_tls_mbedtls.c that can be called
by users after calling altcp_tls_create_config_client or
altcp_tls_create_config_client_2wayauth.


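#if defined(ALTCP_MBEDTLS_ALPN_ENABLE)
/* Set the ALPN protocol list (NULL-terminated array of strings) on a TLS config.
 * mbedTLS records the pointer, so protos must stay valid as long as conf does. */
int altcp_tls_conf_alpn_protocols(struct altcp_tls_config *conf, const char **protos)
{
#if defined(MBEDTLS_SSL_ALPN)
    int ret = mbedtls_ssl_conf_alpn_protocols(&conf->conf, protos);
    if (ret != 0) {
        LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_conf_alpn_protocols failed: %d\n", ret));
    }

    return ret;
#else
    /* mbedTLS was built without ALPN support */
    return -1;
#endif
}
#endif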


This has been tested working on AWS IoT cloud:

static const char *g_alpn_protocols[] = { "x-amzn-mqtt-ca", NULL };
tls_config = altcp_tls_create_config_client(ca, ca_len);
altcp_tls_conf_alpn_protocols(tls_config, g_alpn_protocols);




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?56098>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
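
What the list passed to the proposed altcp_tls_conf_alpn_protocols() becomes on the wire, as an added example that is not part of the original report and is not lwIP or mbedTLS code: it validates a NULL-terminated protocol list and encodes it as the RFC 7301 ALPN extension of a ClientHello. The function name alpn_encode_extension is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALPN_EXT_TYPE 16u /* application_layer_protocol_negotiation (RFC 7301) */

/* Hypothetical helper, not an lwIP or mbedTLS function.
 * Encodes a NULL-terminated protocol list into the ALPN extension:
 *   type(2) | ext_len(2) | list_len(2) | { name_len(1) | name }...
 * Returns bytes written, or -1 if the list is NULL or empty, a name is
 * empty or longer than 255 bytes, or the output buffer is too small. */
int alpn_encode_extension(const char **protos, uint8_t *out, size_t out_len)
{
    size_t list_len = 0, pos = 6;
    const char **p;

    if (protos == NULL || protos[0] == NULL || out == NULL) {
        return -1;
    }
    for (p = protos; *p != NULL; p++) {
        size_t n = strlen(*p);
        if (n == 0 || n > 255) {
            return -1; /* ProtocolName is opaque<1..2^8-1> */
        }
        list_len += 1 + n;
        if (list_len > 65533) {
            return -1; /* list plus its 2-byte length must fit in 16 bits */
        }
    }
    if (out_len < 6 + list_len) {
        return -1;
    }
    out[0] = (uint8_t)(ALPN_EXT_TYPE >> 8);
    out[1] = (uint8_t)(ALPN_EXT_TYPE & 0xff);
    out[2] = (uint8_t)((list_len + 2) >> 8);
    out[3] = (uint8_t)((list_len + 2) & 0xff);
    out[4] = (uint8_t)(list_len >> 8);
    out[5] = (uint8_t)(list_len & 0xff);
    for (p = protos; *p != NULL; p++) {
        size_t n = strlen(*p);
        out[pos++] = (uint8_t)n;
        memcpy(out + pos, *p, n);
        pos += n;
    }
    return (int)pos;
}

int main(void)
{
    const char *protos[] = { "x-amzn-mqtt-ca", NULL }; /* value from the report */
    uint8_t buf[64];
    int i, n = alpn_encode_extension(protos, buf, sizeof(buf));
    for (i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\n");
    return n < 0;
}
```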



