From 15f6d0bee66c98565144fc6f0708f7e256a66986 Mon Sep 17 00:00:00 2001
From: Rob Swindell <rob@synchro.net>
Date: Tue, 20 Dec 2022 17:52:36 -0800
Subject: [PATCH] Add MQTT TLS support

---
 src/sbbs3/scfgdefs.h | 13 +++++++++++++
 src/sbbs3/scfglib1.c | 15 +++++++++++----
 src/sbbs3/scfgsave.c |  8 ++++++++
 3 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/src/sbbs3/scfgdefs.h b/src/sbbs3/scfgdefs.h
index 686451d5cc..5893b94d32 100644
--- a/src/sbbs3/scfgdefs.h
+++ b/src/sbbs3/scfgdefs.h
@@ -374,6 +374,19 @@ struct mqtt_cfg {
 	int			subscribe_qos;
 	int			protocol_version;
 	int			log_level;
+	struct {
+		enum {
+			MQTT_TLS_DISABLED,
+			MQTT_TLS_CERT,
+			MQTT_TLS_PSK
+		} mode;
+		char	cafile[256];
+		char	certfile[256];
+		char	keyfile[256];
+		char	keypass[256];
+		char	psk[256];
+		char	identity[256];
+	} tls;
 };
 
 typedef struct 
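Review bot: The anonymous `mode` enum relies on implicit enumerator values, yet the other two files in this patch persist it as a bare integer (`tls_mode` is read with iniGetIntInRange and written with iniSetInteger), so the enumerator order becomes part of the on-disk format. Pinning the values (`MQTT_TLS_DISABLED = 0,` `MQTT_TLS_CERT = 1,` `MQTT_TLS_PSK = 2`) with a comment such as `// values are stored in the configuration file; do not renumber` keeps a later insertion from silently changing an existing installation's TLS mode. The new fields are also uncommented; `keypass` and `psk` hold secrets and deserve a one-line comment saying so and stating the expected format of `psk`. struct mqtt_cfg begins outside the hunk.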
diff --git a/src/sbbs3/scfglib1.c b/src/sbbs3/scfglib1.c
index 80a009d2dc..6cfc349f50 100644
--- a/src/sbbs3/scfglib1.c
+++ b/src/sbbs3/scfglib1.c
@@ -208,11 +208,18 @@ BOOL read_main_cfg(scfg_t* cfg, char* error, size_t maxerrlen)
 	SAFECOPY(cfg->mqtt.password, iniGetString(section, NULL, "password", "", value));
 	SAFECOPY(cfg->mqtt.broker_addr, iniGetString(section, NULL, "broker_addr", "127.0.0.1", value));
 	cfg->mqtt.broker_port = iniGetUInt16(section, NULL, "broker_port", IPPORT_MQTT);
-	cfg->mqtt.keepalive = iniGetInteger(section, NULL, "keepalive", 5 * 60); // 5 minutes
-	cfg->mqtt.publish_qos = iniGetInteger(section, NULL, "publish_qos", 0);
-	cfg->mqtt.subscribe_qos = iniGetInteger(section, NULL, "subscribe_qos", 2);
-	cfg->mqtt.protocol_version = iniGetInteger(section, NULL, "protocol_version", 5);
+	cfg->mqtt.keepalive = iniGetIntInRange(section, NULL, "keepalive", 5, 60, INT_MAX); // seconds
+	cfg->mqtt.publish_qos = iniGetIntInRange(section, NULL, "publish_qos", 0, 0, 2);
+	cfg->mqtt.subscribe_qos = iniGetIntInRange(section, NULL, "subscribe_qos", 0, 2, 2);
+	cfg->mqtt.protocol_version = iniGetIntInRange(section, NULL, "protocol_version", 3, 5, 5);
 	cfg->mqtt.log_level = iniGetLogLevel(section, NULL, "LogLevel", LOG_INFO);
+	cfg->mqtt.tls.mode = iniGetIntInRange(section, NULL, "tls_mode", MQTT_TLS_DISABLED, MQTT_TLS_DISABLED, MQTT_TLS_PSK);
+	SAFECOPY(cfg->mqtt.tls.cafile, iniGetString(section, NULL, "tls_cafile", "", value));
+	SAFECOPY(cfg->mqtt.tls.certfile, iniGetString(section, NULL, "tls_certfile", "", value));
+	SAFECOPY(cfg->mqtt.tls.keyfile, iniGetString(section, NULL, "tls_keyfile", "", value));
+	SAFECOPY(cfg->mqtt.tls.keypass, iniGetString(section, NULL, "tls_keypass", "", value));
+	SAFECOPY(cfg->mqtt.tls.psk, iniGetString(section, NULL, "tls_psk", "", value));
+	SAFECOPY(cfg->mqtt.tls.identity, iniGetString(section, NULL, "tls_identity", "", value));
 
 	/***********/
 	/* Modules */
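Review bot: Nothing after the new `tls_mode` read checks that the fields the selected mode depends on are present, so MQTT_TLS_PSK with an empty `tls_psk` or `tls_identity` is accepted here and left for the connecting code to handle; the same presumably applies to MQTT_TLS_CERT with an empty `tls_cafile`. Since read_main_cfg already takes `error` and `maxerrlen`, a check such as `if (cfg->mqtt.tls.mode == MQTT_TLS_PSK && (cfg->mqtt.tls.psk[0] == '\0' || cfg->mqtt.tls.identity[0] == '\0'))` that reports the problem would surface a misconfigured broker link at load time rather than at connect time. Separately, if the iniGetIntInRange arguments are min, default, max as the neighbouring calls suggest, the `keepalive` default drops from 300 seconds to 60, which the commit message does not mention. The function body continues outside the hunk.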
diff --git a/src/sbbs3/scfgsave.c b/src/sbbs3/scfgsave.c
index 554817f4ad..ae5d28656c 100644
--- a/src/sbbs3/scfgsave.c
+++ b/src/sbbs3/scfgsave.c
@@ -219,6 +219,14 @@ BOOL write_main_cfg(scfg_t* cfg, int backup_level)
 		iniSetString(&ini, name, "Username", cfg->mqtt.username, NULL);
 		iniSetString(&ini, name, "Password", cfg->mqtt.password, NULL);
 		iniSetLogLevel(&ini, name , "LogLevel", cfg->mqtt.log_level, NULL);
+		// TLS
+		iniSetInteger(&ini, name, "TLS_mode", cfg->mqtt.tls.mode, NULL);
+		iniSetString(&ini, name, "TLS_cafile", cfg->mqtt.tls.cafile, NULL);
+		iniSetString(&ini, name, "TLS_certfile", cfg->mqtt.tls.certfile, NULL);
+		iniSetString(&ini, name, "TLS_keyfile", cfg->mqtt.tls.keyfile, NULL);
+		iniSetString(&ini, name, "TLS_keypass", cfg->mqtt.tls.keypass, NULL);
+		iniSetString(&ini, name, "TLS_psk", cfg->mqtt.tls.psk, NULL);
+		iniSetString(&ini, name, "TLS_identity", cfg->mqtt.tls.identity, NULL);
 	}
 
 	{
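Review bot: `TLS_keypass` and `TLS_psk` are written to the configuration file in cleartext, next to the existing `Password` key, and the `backup_level` parameter suggests older copies of the file are kept as well. The `// TLS` comment could say so, for example `// TLS (keypass and psk are secrets; this file and its backups must not be world-readable)`. It may also be worth deciding whether a PSK or key passphrase should stay on disk once `tls.mode` no longer uses it, since every TLS key is written regardless of mode. write_main_cfg starts and ends outside the hunk.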
-- 
GitLab