[lwip-devel] [bug #56098] Support for MQTT over TLS port 443 instead of
From: Richmond Umagat
Subject: [lwip-devel] [bug #56098] Support for MQTT over TLS port 443 instead of 8883
Date: Mon, 8 Apr 2019 08:19:50 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
URL: <https://savannah.nongnu.org/bugs/?56098>
Summary: Support for MQTT over TLS port 443 instead of 8883
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: richmond_umagat
Submitted on: Mon 08 Apr 2019 12:19:48 PM UTC
Category: apps
Severity: 3 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
To enable MQTT over TLS port 443 (instead of 8883), altcp_tls_mbedtls must
provide a way to configure the ALPN TLS extension.
This is essential as MQTT port 8883 is often blocked by IT departments and
designers of routers. In fact, we encounter the issue in our Singapore office.
For more info, refer to
https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/
Below is a suggested API to be added in altcp_tls_mbedtls.c that can be called
by users after calling altcp_tls_create_config_client or
altcp_tls_create_config_client_2wayauth.
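#if defined(ALTCP_MBEDTLS_ALPN_ENABLE)
/* Set the ALPN protocol list offered in the TLS handshake.
 * protos is a NULL-terminated array; mbedTLS keeps the pointer rather than
 * copying the list, so it must stay valid as long as conf is in use. */
int altcp_tls_conf_alpn_protocols(struct altcp_tls_config *conf, const char **protos)
{
#if defined(MBEDTLS_SSL_ALPN)
  int ret = mbedtls_ssl_conf_alpn_protocols(&conf->conf, protos);
  if (ret != 0) {
    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_conf_alpn_protocols failed: %d\n", ret));
  }
  return ret;
#else
  /* mbedTLS was built without ALPN support */
  LWIP_UNUSED_ARG(conf);
  LWIP_UNUSED_ARG(protos);
  return -1;
#endif
}
#endif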
This has been tested working on AWS IoT cloud:
/* static storage: the list must outlive the TLS configuration */
static const char *g_alpn_protocols[] = { "x-amzn-mqtt-ca", NULL };

tls_config = altcp_tls_create_config_client(ca, ca_len);
altcp_tls_conf_alpn_protocols(tls_config, g_alpn_protocols);
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?56098>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
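
What the ALPN list configured in the report above looks like on the wire, as an added example that is not part of the original report and not lwIP or mbedTLS code: a self-contained encoder for the ProtocolNameList body of the ALPN extension (RFC 7301), with the length checks the format requires. The function name alpn_encode_protocol_list is hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Encode a NULL-terminated list of ALPN names as the extension body defined
 * in RFC 7301, section 3.1: a 16-bit list length, then for every name an
 * 8-bit length followed by the name bytes.
 * Returns the number of bytes written, or -1 on invalid input or a short
 * buffer. Hypothetical helper, not an lwIP or mbedTLS API. */
int alpn_encode_protocol_list(const char **protos, uint8_t *out, size_t out_len)
{
  size_t pos = 2; /* reserve room for the 16-bit list length */
  size_t i;

  if (protos == NULL || out == NULL || out_len < 2) {
    return -1;
  }
  for (i = 0; protos[i] != NULL; i++) {
    size_t n = strlen(protos[i]);
    if (n == 0 || n > 255) {
      return -1; /* each name must be 1..255 bytes */
    }
    if (n + 1 > out_len - pos) {
      return -1; /* length byte plus name would overflow the buffer */
    }
    out[pos++] = (uint8_t)n;
    memcpy(out + pos, protos[i], n);
    pos += n;
  }
  if (i == 0 || pos - 2 > 0xFFFF) {
    return -1; /* list must hold at least one name and fit in 16 bits */
  }
  out[0] = (uint8_t)((pos - 2) >> 8);
  out[1] = (uint8_t)((pos - 2) & 0xFF);
  return (int)pos;
}

int main(void)
{
  const char *protos[] = { "x-amzn-mqtt-ca", NULL }; /* value from the report */
  uint8_t buf[64];
  int n = alpn_encode_protocol_list(protos, buf, sizeof(buf));
  for (int i = 0; i < n; i++) {
    printf("%02x ", buf[i]);
  }
  printf("\n");
  return n > 0 ? 0 : 1;
}
```

These bytes travel in the unencrypted ClientHello, so the protocol name is visible to any device inspecting traffic on port 443.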