Skip to content

feat(mqtt): enable custom TLS cipher suites for MQTTs (IDFGH-15198) #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(mqtt): enable custom TLS cipher suites for MQTTs (IDFGH-15198) #298

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions include/mqtt_client.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,8 @@ typedef struct esp_mqtt_client_config_t {
If NULL, server certificate CN must match hostname.
This is ignored if skip_cert_common_name_check=true.
It's not copied nor freed by the client, user needs to clean up.*/
const int *ciphersuites_list; /*!< Pointer to a zero-terminated array of IANA identifiers of TLS cipher suites.
Please ensure the validity of the list, and note that it is not copied or freed by the client. */
} verification; /*!< Security verification of the broker */
} broker; /*!< Broker address and security verification */
/**
Expand Down
1 change: 1 addition & 0 deletions lib/include/mqtt_client_priv.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ typedef struct {
int clientkey_password_len;
bool use_global_ca_store;
esp_err_t ((*crt_bundle_attach)(void *conf));
const int *ciphersuites_list;
const char *cacert_buf;
size_t cacert_bytes;
const char *clientcert_buf;
Expand Down
7 changes: 7 additions & 0 deletions mqtt_client.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,12 @@ static esp_err_t esp_mqtt_set_ssl_transport_properties(esp_transport_list_handle
goto esp_mqtt_set_transport_failed);

}

if(cfg->ciphersuites_list)
{
esp_transport_ssl_set_ciphersuites_list(ssl,cfg->ciphersuites_list);
}

if (cfg->psk_hint_key) {
#if defined(MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION) && MQTT_ENABLE_SSL
#ifdef CONFIG_ESP_TLS_PSK_VERIFICATION
Expand Down Expand Up @@ -564,6 +570,7 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl
client->config->cacert_bytes = config->broker.verification.certificate_len;
client->config->psk_hint_key = config->broker.verification.psk_hint_key;
client->config->crt_bundle_attach = config->broker.verification.crt_bundle_attach;
client->config->ciphersuites_list = config->broker.verification.ciphersuites_list;
client->config->clientcert_buf = config->credentials.authentication.certificate;
client->config->clientcert_bytes = config->credentials.authentication.certificate_len;
client->config->clientkey_buf = config->credentials.authentication.key;
Expand Down
Loading