paho.mqtt.c使用openssl加密通讯

证书的生成和配置请参考https://blog.csdn.net/sy84436446/article/details/128576433

    • 下载和编译

# 下载paho.mqtt.c代码
git clone git@github.com:eclipse/paho.mqtt.c.git

# 编译安装
make
make install
    • 测试paho.mqtt.c

2.1订阅

修改src/samples/MQTTClient_subscribe.c

#define ADDRESS     "ip"
#define TOPIC       "test2"

运行订阅

cd build/output/samples
./MQTTClient_subscribe

使用mosquitto发布消息

mosquitto_pub -h "ip" -t "test2" -m "my name is xxx"

2.2发布

修改src/samples/MQTTClient_publish.c

#define ADDRESS     "ip"
#define TOPIC       "test1"

使用mosquitto订阅消息

mosquitto_sub -h "ip" -t "test1"

运行发布

cd build/output/samples
./MQTTClient_publish
    • 使用openssl

3.1 启用ssl加密不做认证

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..daa3522 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include 
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test1"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
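Review bot: `TOPIC` is changed to "test1" here, but the subscribe command shown right after this diff uses `-t test`, so that subscriber would not receive the published message; use `#define TOPIC       "test"` as the two later diffs do, or subscribe with `-t test1`. Separately, the new `ADDRESS` (here and in the one-way and two-way diffs) points an `ssl://` URI at port 1883, which is the port conventionally used for plaintext MQTT, with 8883 the usual choice for MQTT over TLS. This only works if the broker's listener on 1883 is actually configured for TLS, and a short comment saying so next to `ADDRESS` would save readers a failed handshake.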
@@ -41,6 +41,11 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.enableServerCertAuth=0;
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
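Review bot: Setting `ssl_opts.enableServerCertAuth=0` means the client encrypts the session but accepts whatever certificate the peer presents, so nothing ties the connection to the intended broker and any party on the network path could answer in its place. That matches the section's stated goal, but the sample should say so in the code, e.g. `/* test only: broker certificate is NOT verified, so the peer is unauthenticated */` above that line. The subscribe command under this diff already passes `--cafile ./ca.crt`, so the CA file appears to be available; outside a lab the safer form is `ssl_opts.trustStore = "<path to ca.crt>";` together with `ssl_opts.enableServerCertAuth = 1;`. `main` begins and ends outside this hunk.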
# 订阅
mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt
# 发布
./build/output/samples/MQTTClient_publish

3.2单向认证

注意在mosquitto配置文件中配置证书路径

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..1155f24 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include 
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,11 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.trustStore = "/home/sy/key/ca.crt";
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
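Review bot: The added options validate the broker's chain against `trustStore` but never set `ssl_opts.verify`, and in the Paho versions I am aware of the initializer leaves it at 0, so the post-connect check that the certificate matches the host in `ADDRESS` is likely not performed; any certificate issued by the same CA would then be accepted. Adding `ssl_opts.verify = 1;` closes that gap, with the caveat that connecting by IP address as here requires the server certificate to list that IP as a subject alternative name. It would also help to write `ssl_opts.enableServerCertAuth = 1;` explicitly rather than rely on the initializer, since the previous variant of this sample sets it to 0. The same applies to the two-way hunk that adds `privateKey` and `keyStore`. `main` begins and ends outside this hunk.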
# 订阅
mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt
# 发布
./build/output/samples/MQTTClient_publish

3.3双向认证

注意在mosquitto配置文件中开启require_certificate true。

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..7a0fe3f 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include 
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,13 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.trustStore = "/home/sy/key/ca.crt";
+    ssl_opts.privateKey = "/home/sy/key/client.key";
+    ssl_opts.keyStore = "/home/sy/key/client.crt";
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
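Review bot: The client's private key is loaded from a path compiled into the binary (`/home/sy/key/client.key`) with no mention of how that file is protected, and the subscribe command below the diff is run with `sudo`, which may mean the key files are readable only by root or that their permissions were never decided. A comment such as `/* client.key must be readable only by the account running this client (e.g. mode 0600) */` would make the expectation explicit, and taking the three paths from the command line or the environment avoids baking one user's home-directory layout into the sample. If the key is passphrase-protected, `ssl_opts.privateKeyPassword` also has to be set. `main` begins and ends outside this hunk.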

# 订阅
sudo mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt --cert ./client.crt --key ./client.key
# 发布
./build/output/samples/MQTTClient_publish
