[bug #56098] Support for MQTT over TLS port 443 instead of 8883


[bug #56098] Support for MQTT over TLS port 443 instead of 8883

Wilfred
URL:
  <https://savannah.nongnu.org/bugs/?56098>

                 Summary: Support for MQTT over TLS port 443 instead of 8883
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: richmond_umagat
            Submitted on: Mon 08 Apr 2019 12:19:48 PM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Feature Request
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head

    _______________________________________________________

Details:

To enable MQTT over TLS port 443 (instead of 8883), altcp_tls_mbedtls must
provide a way to configure the ALPN TLS extension.

This is essential as MQTT port 8883 is often blocked by IT departments and
designers of routers. In fact, we encounter the issue in our Singapore office.
For more info, refer to
https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/

Below is a suggested API to be added in altcp_tls_mbedtls.c that can be called
by users after calling altcp_tls_create_config_client or
altcp_tls_create_config_client_2wayauth.


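#if defined(ALTCP_MBEDTLS_ALPN_ENABLE)
/* Set the ALPN protocol list offered in the TLS handshake.
 * protos is a NULL-terminated array; mbedTLS keeps the pointer, so the
 * array must stay valid for as long as the config is in use.
 * Returns 0 on success, the mbedTLS error code on failure, or -1 when
 * mbedTLS was built without MBEDTLS_SSL_ALPN. */
int altcp_tls_conf_alpn_protocols(struct altcp_tls_config *conf, const char **protos)
{
#if defined(MBEDTLS_SSL_ALPN)
    int ret = mbedtls_ssl_conf_alpn_protocols(&conf->conf, protos);
    if (ret != 0) {
        LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_conf_alpn_protocols failed: %d\n", ret));
    }

    return ret;
#else
    /* ALPN not compiled into mbedTLS: nothing to configure */
    LWIP_UNUSED_ARG(conf);
    LWIP_UNUSED_ARG(protos);
    return -1;
#endif
}
#endif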


This has been tested working on AWS IoT cloud:

static const char *g_alpn_protocols[] = { "x-amzn-mqtt-ca", NULL };
tls_config = altcp_tls_create_config_client(ca, ca_len);
altcp_tls_conf_alpn_protocols(tls_config, g_alpn_protocols);




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?56098>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
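
The following is an added example, not part of the original report or of lwIP: it shows how the protocol list from the message above is laid out in the ALPN extension (RFC 7301) and how a client can check that the server's reply names exactly one protocol it offered. The function names alpn_encode_ext and alpn_check_server_choice and the sample data are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define ALPN_EXT_TYPE 16 /* application_layer_protocol_negotiation (RFC 7301) */

/* Encode a NULL-terminated protocol list as a complete ALPN extension.
 * Returns the number of bytes written, or -1 on a bad list or short buffer. */
int alpn_encode_ext(const char **protos, unsigned char *out, size_t cap)
{
    size_t pos = 6; /* extension type(2) + extension length(2) + list length(2) */
    if (protos == NULL || protos[0] == NULL || out == NULL || cap < pos) return -1;
    for (size_t i = 0; protos[i] != NULL; i++) {
        size_t n = strlen(protos[i]);
        if (n == 0 || n > 255) return -1;          /* each name is 1..255 bytes */
        if (pos + 1 + n > cap || pos + 1 + n > 65535 + 4) return -1;
        out[pos++] = (unsigned char)n;             /* one-byte length prefix */
        memcpy(out + pos, protos[i], n);
        pos += n;
    }
    size_t list_len = pos - 6, ext_len = pos - 4;
    out[0] = ALPN_EXT_TYPE >> 8;             out[1] = ALPN_EXT_TYPE & 0xff;
    out[2] = (unsigned char)(ext_len >> 8);  out[3] = (unsigned char)(ext_len & 0xff);
    out[4] = (unsigned char)(list_len >> 8); out[5] = (unsigned char)(list_len & 0xff);
    return (int)pos;
}

/* Check the extension_data of a server's ALPN reply: it must carry exactly one
 * name, and that name must be one the client offered. Returns the index of the
 * chosen protocol in offered, or -1 if malformed or not offered. */
int alpn_check_server_choice(const unsigned char *data, size_t len, const char **offered)
{
    if (data == NULL || offered == NULL || len < 4) return -1;
    size_t list_len = ((size_t)data[0] << 8) | data[1];
    size_t name_len = data[2];
    if (list_len != len - 2 || name_len == 0 || name_len != list_len - 1) return -1;
    for (int i = 0; offered[i] != NULL; i++) {
        if (strlen(offered[i]) == name_len && memcmp(offered[i], data + 3, name_len) == 0)
            return i;
    }
    return -1;
}

int main(void)
{
    const char *offer[] = { "x-amzn-mqtt-ca", NULL }; /* list from the report */
    unsigned char buf[64];
    int n = alpn_encode_ext(offer, buf, sizeof buf);
    for (int i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\nchoice index: %d\n", alpn_check_server_choice(buf + 4, (size_t)n - 4, offer));
    return 0;
}
```

A reply that names a protocol the client did not offer, or more than one protocol, is rejected with -1, which is the point at which a client would abort rather than speak MQTT to an endpoint that negotiated something else.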

[bug #56098] Support for MQTT over TLS port 443 instead of 8883

Wilfred
Update of bug #56098 (project lwip):

                  Status:                    None => Fixed                  
             Open/Closed:                    Open => Closed                

    _______________________________________________________

Follow-up Comment #1:

Applied, thanks!
