Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add public key pinning #1475

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Add public key pinning #1475

wants to merge 4 commits into from

Conversation

DBL2017
Copy link

@DBL2017 DBL2017 commented Apr 26, 2024

Added a configuration item called “publicKey” to represent the server’s public key, which is used for pinning the server certificate with a public key.

Signed-off-by: DBL2017 <[email protected]>
@fpagliughi
Copy link
Contributor

fpagliughi commented Jul 7, 2024

Actually, this might be nice to have.

But, unfortunately, one thing you missed is how the library handles modifications to the public data structures, particularly the options like MQTTAsync_SSLOptions.

Basically, you should preserve the pre-existing binary layout; so only add new elements to the end of the struct. Then update the structure version number, and only access the new elements in the code if the in-memory struct has a version greater-than or equal to the version where you added the new elements.

But be careful when doing this. The current version number of the structs is hard-coded at a few places in the code. This should probably be fixed with some #define constants, but at the moment this is the way.

There's a similar discussion of this in another pending PR:
#1463 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants