mosquitto-users team mailing list archive

Thread
Date

Re: Advanced certificate verification

To: Remi SALEMBIER <remi.salembier@xxxxxxx>
From: Roger Light <roger@xxxxxxxxxx>
Date: Tue, 18 Feb 2014 21:45:43 +0000
Cc: "mosquitto-users@xxxxxxxxxxxxxxxxxxx" <mosquitto-users@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <5ec3ab03f0ad46ceb5fbe744a689a504@DBXPR06MB352.eurprd06.prod.outlook.com>
Sender: rogerlight@xxxxxxxxx

Hi Remi,

Using OCSP isn't currently possible, nor is it possible to define your
own verifications. It seems like would be a good idea though.
mosquitto already uses the openssl callbacks it would be simple enough
to allow your own to be provided.

Cheers,

Roger


On Fri, Feb 7, 2014 at 1:35 PM, Remi SALEMBIER <remi.salembier@xxxxxxx> wrote:
> Hi,
>
>
>
> Mosquitto broker is currently able to verify certificates based on CRLs. It
> is not possible to proceed to custom advanced verifications (eg: online
> controls using OCSP).
>
> In the same way, Mosquitto client only allow to control (or not) the name of
> the certificate: if the certificate’s name matches the hostname of the
> server then it is considered verified.
>
>
>
> Is there any chance that Mosquitto allows to select a custom verify callback
> called by OpenSSL?
>
>
>
> Cheers,
>
> Remi
>
>
> --
> Mailing list: https://launchpad.net/~mosquitto-users
> Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mosquitto-users
> More help   : https://help.launchpad.net/ListHelp
>

References

Advanced certificate verification
From: Remi SALEMBIER, 2014-02-07