
mosquitto-users team mailing list archive

Re: Best practices for tls_set in Python

 

Hi Jack,

Thanks for the reminder that I'd not replied to this.

You can of course use the certificates that come with your OS and as
Alexander says they are located in /etc/ssl/certs. You can use the
"capath" option rather than "cafile" to load them.

Bear in mind that there may be no need for you to use an existing CA
though. If you control your application at both ends, you can create
your own certificates with your own CA certificate and key.

Either way, it is common practice to use an intermediate CA as
described in this bug report:
https://bugs.launchpad.net/mosquitto/+bug/1189444 As you can see,
support for this is something that needs fixing.

Another approach is to use the TLS-PSK support, which provides
encryption without the overhead of using certificates.

Cheers,

Roger
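
Added example, not part of the message above and not code from the mosquitto or paho projects: a Python sketch of the two trust sources discussed (the OS "capath" directory versus a single "cafile" for your own CA), using only the standard `ssl` module. The names `build_tls_context` and `hashed_entries` are hypothetical, and handing the result to the MQTT client through paho-mqtt's `tls_set_context()` is an assumption about how the context would be used.

```python
import os
import re
import ssl

# OpenSSL looks certificates up in a capath directory by subject-hash file
# name (e.g. "0a1b2c3d.0", as created by c_rehash / update-ca-certificates).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def hashed_entries(capath):
    """Return the entries in capath that OpenSSL can actually look up."""
    return sorted(n for n in os.listdir(capath) if HASHED_NAME.match(n))


def build_tls_context(capath=None, cafile=None):
    """Build a verifying client context from exactly one trust source.

    capath: directory of hashed CA certificates (the OS store).
    cafile: single PEM file holding your own CA certificate.
    """
    if (capath is None) == (cafile is None):
        raise ValueError("pass exactly one of capath or cafile")
    if capath is not None and not hashed_entries(capath):
        # Without hash-named entries every lookup misses and each handshake
        # fails verification, so refuse up front with a clear message.
        raise ValueError(f"{capath} has no hash-named certificates")

    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only the given source is trusted; the default store is not added.
    ctx.load_verify_locations(cafile=cafile, capath=capath)
    return ctx


if __name__ == "__main__":
    ctx = build_tls_context(capath="/etc/ssl/certs")
    print(ctx.verify_mode, ctx.check_hostname, ctx.minimum_version)
    # Assumed usage with paho-mqtt: client.tls_set_context(ctx)
```

Certificates in a capath directory are loaded lazily at handshake time, so a missing or unhashed CA only shows up as a verification failure on connect; the directory check above surfaces the most common cause earlier.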

