Supported alternative TLS library.

[redboltz]

No description provided.

[redboltz]

This is currently just PoC.

[codecov]

Codecov Report

Merging #673 (3a222bb) into master (ca47db0) will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master     #673   +/-   ##
=======================================
  Coverage   82.06%   82.06%           
=======================================
  Files          47       47           
  Lines        7082     7082           
=======================================
  Hits         5812     5812           
  Misses       1270     1270           

[redboltz]

Using alternative TLS library

mqtt_cpp uses OpenSSL by default. User can use alternative TLS library such as GNUTLS instead of OpenSSL.

How to use

Define the following three preprosessor macros.

macro	meaning	default
MQTT_TLS_INCLUDE	TLS include path	<boost/asio/ssl.hpp>
MQTT_TLS_WS_INCLUDE	TLS (Websocket) include path	<boost/beast/websocket/ssl.hpp>
MQTT_TLS_NS	namespace of tls library	boost::asio::ssl

If you define the macros, then the default value is overridden. Note that MQTT_TLS_WS_INCLUDE is required only if MQTT_USE_TLS is defined.

Design choice

mqtt_cpp doesn't care about alternative TLS libraries directly. In other words, it is out of scope. mqtt_cpp provides minimal support for the alternative TLS libraries.

[shantanu1singh]

#endif // defined(MQTT_USE_TLS)

This doesn't work with GnuTLS.

We'd need for this to be pulled out into a function in tls.hpp

This is what I'd done in my PR earlier:

inline constexpr bool is_tls_short_read(int error_val)
{

#if MQTT_USE_TLS == MQTT_TLS_OPENSSL
#if defined(SSL_R_SHORT_READ)
return ERR_GET_REASON(error_val) == SSL_R_SHORT_READ;
#else // defined(SSL_R_SHORT_READ)
return ERR_GET_REASON(error_val) == tls::error::stream_truncated;
#endif // defined(SSL_R_SHORT_READ)
#elif MQTT_USE_TLS == MQTT_TLS_GNUTLS
return error_val == tls::error::stream_truncated;
#endif // MQTT_USE_TLS == MQTT_TLS_OPENSSL

return false;

}

---

Refers to: include/mqtt/endpoint.hpp:4569 in c87dc47. [](commit_id = c87dc47, deletion_comment = False)

[redboltz]

I'm not sure how to do that. But could you write a PR to fix the issue ? The target PR is #673 (add_alt_tls_support branch)
However, I don't want to introduce any GNU_TLS feature is mqtt_cpp.
So you need to introduce some abstraction like

#if !defined(MQTT_TLS_INCLUDE)
#define MQTT_TLS_INCLUDE <boost/asio/ssl.hpp>
#endif // !defined(MQTT_TLS_INCLUDE)

By default, OpenSSL is used. If you override some macro (maybe you newly introduce), then GnuTLS tls short read is enabled.

[redboltz]

Just add the macro MQTT_TLS_ERROR_COMPARISON.

You can customize it using -D option.

 -DMQTT_TLS_ERROR_COMPARISON\(v\)=v==tls::error::stream_truncated

[shantanu1singh]

@redboltz Yep, that worked. Thanks!

There's one other thing though. In the CMakeLists.txt at the root and the CMakeLists.txt under include/, we are finding the OpenSSL library if MQTT_USE_TLS is set and linking to it. Would it be possible to disable that?

In order to use these changes, I had to add a find_package(OpenSSL) to my project's CMakeLists.txt

[redboltz]

I think that you can do as follows:

cmake -DMQTT_USE_TLS=OFF -DCMAKE_CXX_FLAGS="-DMQTT_USE_TLS -DMQTT_TLS_INCLUDE=...." ..

You can omit -DMQTT_USE_TLS=OFF. It is OFF by default.
The point is don't pass OpenSSL related flag to cmake, but pass TLS enable flag to the compiler.

[shantanu1singh]

@redboltz Ah cool, I'll try that. Thanks! I'll let you know soon if everything works as expected

[redboltz]

Due to #718 fix, MQTT_TLS_ERROR_COMPARISON is no longer required.

[shantanu1singh]

@redboltz Sorry for getting back so late. Finally got to this again.

So, I ran the cmake command based on your recommendation:

cmake -DCMAKE_CXX_FLAGS='-I /usr/local/include/boost-asio-gnutls -I /usr/local/include/boost-beast-websockets-gnutls -L  /usr/local/lib/libgnutls.so -DMQTT_TLS_INCLUDE="<boost/asio/gnutls.hpp>" -DMQTT_TLS_WS_INCLUDE="<boost/beast/websocket/gnutls/ssl.hpp>" -DMQTT_TLS_NS=boost::asio::gnutls -DMQTT_USE_TLS' -DMQTT_BUILD_TESTS=OFF -DMQTT_BUILD_EXAMPLES=OFF -DMQTT_USE_WS=ON .. 

However, when I try to build an executable that depends on the mqtt_cpp library, I get some errors:

error: ‘make_tls_sync_client’ is not a member of ‘mqtt’
         mqttHandle_ = MQTT_NS::make_tls_sync_client(ioContext_, host, port, version);

/usr/local/include/mqtt/client.hpp:446:21: error: no matching function for call to ‘mqtt::client<mqtt::tcp_endpoint<boost::asio::gnutls::stream<boost::asio::basic_stream_socket<boost::asio::ip::tcp> >, boost::asio::io_context::strand>, 2>::setup_socket(std::shared_ptr<mqtt::tcp_endpoint<boost::asio::gnutls::stream<boost::asio::basic_stream_socket<boost::asio::ip::tcp> >, boost::asio::io_context::strand> >&)’
         setup_socket(socket_);
         ~~~~~~~~~~~~^~~~~~~~~

Everything works fine if I set the MQTT_USE_TLS flag to 'ON' in the Cmake options as well.

[redboltz]

If you defined MQTT_USE_TLS correctly, make_tls_sync_client should be defined.

See the following code:
https://github.com/redboltz/mqtt_cpp/blob/master/include/mqtt/sync_client.hpp#L86

It seems that you need to check actual compiler options using VERBOSE=1, and preprosessor output.

[shantanu1singh]

@redboltz Yep, my bad. It worked. Thanks for the help!

Will you be merging this change with master now? Also, any plans of an upcoming release that might include this change? Thanks!

[redboltz]

merged. Release is not decided yet.