ssl support #10

Open
rolandjitsu opened this issue May 17, 2014 · 31 comments

@rolandjitsu

Does the Objective-C implementation of the mosquitto lib support TLS connections?

@jmesnil
Contributor

jmesnil commented May 17, 2014

Mosquitto does support TLS but I've not yet added it to MQTTKit.

I have a branch (https://github.com/jmesnil/MQTTKit/tree/TLS_support) for this feature but it's not completed yet.

@smzarrin

Hi Jeff

I do need the OpenSSL version. Do you know of any other kit that does TLS, or could you help me write the wrapper for mosquitto_tls_set? Our broker uses OpenSSL and port 8884. Thanks in advance,

@jmesnil
Contributor

jmesnil commented May 26, 2014

@smzarrin, I'm currently adding TLS support to MQTTKit in this branch https://github.com/jmesnil/MQTTKit/tree/TLS_support but have not thoroughly tested it.

If you could try it and confirm that it works for you, I may merge it in upstream.

@jmesnil jmesnil reopened this May 26, 2014
@ckrey

ckrey commented May 27, 2014

The reason I started my own https://github.com/ckrey/MQTT-Client-Framework was the fact that a year ago there was no SSL support in MQTTKit.

MQTT-Client-Framework supports TLS, MQTT spec 3.1.1 and is the base for @owntracks (http://owntracks.org) and MQTTInspector apps. Both apps are quite stable. For MQTTInspector I added some low level delegate methods too.

MQTT-Client-Framework is fully native Objective-C and builds on Apple's CFNetwork layer.

Let me know when your SSL support is finished.

@jmesnil
Contributor

jmesnil commented May 28, 2014

MQTTKit did not exist one year ago ;)
(but mosquitto, which is used underneath, was already supporting TLS).

@ckrey What are the main differences between your lib and the 2lemetry/Eclipse Paho Obj-C client?

@ckrey

ckrey commented May 28, 2014

MQTT-Client-Framework started as a fork of m2mIO/mqttIO-objC (the predecessor of the Obj-c client under eclipse).

At that time there were problems with ARC support, SSL was not visible on the public interface, etc.
Unfortunately the maintainers did not respond to issues and even pull requests.

So, I started off to go independently. Now there are the following differences, although the core code is still 2lemetry:

  • full ARC - easily integrates in current developments
  • Framework packaging - easy to import into projects without the need for pod
  • disconnect command and reconnect including additional closing state - important in iOS, because otherwise you lose connection when the app is going to background
  • Use of explicit delegate protocols
  • Extended delegate callbacks to SUBACK, UNSUBACK, command send and receive
  • fixed some 64 bit issues
  • Tested and used in MQTTitude and MQTTInspector apps available in the app store
  • fixed timing issues caused by using usleep
  • changed the implementation of retransmits to avoid timing and background issues
  • support for new MQTT 3.1.1 spec (protocol level 4)
  • test cases
  • inline docs

I hope we will find a way to bring Objective-C MQTT libraries together again and profit from wider use, testing, and contributions...

@ckrey

ckrey commented May 28, 2014

@jmesnil How do you feel about using OpenSSL on iOS (footprint, complexity, stability)?

@mysticvalley

@jmesnil Hello Jeff, I am using MQTTKit for a messaging app. My broker uses SSL connection. So I am searching for SSL support in the MQTTKit.

I checked out your code and new branch (https://github.com/jmesnil/MQTTKit/tree/TLS_support) for TLS_support as mentioned above. However, I don't find any method that implements SSL connection with certificates. Can you please let me know if the branch has SSL support implementation or not? Or let me know if I didn't know how to use it.

Thanks

@jmesnil
Contributor

jmesnil commented Jun 16, 2014

@mysticboy59 You can specify a CA file on the MQTT client (as it is done in the test https://github.com/jmesnil/MQTTKit/blob/TLS_support/MQTTKitTests/MQTTKitTests.m#L227).

Note that this branch is a proof of concept. I am not sure whether it is a good idea to rely on OpenSSL for TLS given the recent issues with it.

@zwf

zwf commented Oct 17, 2014

@jmesnil Hello Jeff, it seems the TLS_support branch could not be compiled correctly, because WITH_TLS is not defined.

@viteinfinite

Worked perfectly with pod 'OpenSSL-Framework', '~> 1.0'

@GuriSarao

I am using https://github.com/jmesnil/MQTTKit/blob/TLS_support/MQTTKitTests/MQTTKitTests.m#L227.
Can anyone help me? It gives me an error message.

@kirang89

mosquitto_tls_set keeps returning MOSQ_ERR_NOT_SUPPORTED because WITH_TLS is not defined. How can I set this @jmesnil ?

@zwf

zwf commented May 1, 2015

@GuriSarao @kirang89 I forked @jmesnil's repo and finished the TLS_support branch, just for testing my project. My code is not good enough for production; you should consummate that code before using it in an online app, I think. :)
https://github.com/zwf/MQTTKit/tree/TLS_support

@kirang89

kirang89 commented May 2, 2015

@zwf I tried adding -DWITH_TLS=1 as a compiler flag and got it to work. I forked your branch anyways and tested it out as well. Seems to work fine for now :) Thanks for sharing your repo!

@GuriSarao

Hi, can you please send me your working source code, as I have been stuck on this for the last 2 weeks and can't get any solution yet. My email is gursewaks104@gmail.com. I will be very thankful to you.

@kirang89

kirang89 commented May 2, 2015

@GuriSarao Checkout @zwf 's fork. It works fine for me.

@kirang89

kirang89 commented May 2, 2015

@viteinfinite Did you have issues with OpenSSL-Universal ?

@GuriSarao

I am getting the same error with @zwf's fork when I define WITH_TLS. There are lots of errors in my code when I define WITH_TLS. Does anyone have a solution?

@kirang89

kirang89 commented May 5, 2015

@GuriSarao You don't have to define anything. Just add
pod 'MQTTKit', :git => 'https://github.com/zwf/MQTTKit', :branch => 'TLS_support'
to your Podfile, pod install it and run your project. If that failed as well, could you provide a link to your repo so that I can take a look at it ?

@zwf

zwf commented May 8, 2015

@GuriSarao just follow @kirang89's comment :) thx @kirang89
and it's better to use :commit not :branch, that is good for pod to download the right code, because I'll push some code some day, maybe~ :)

pod 'MQTTKit', :git => 'https://github.com/zwf/MQTTKit.git', :commit => '15ba0a41f'

@kirang89

kirang89 commented May 9, 2015

@zwf I keep getting EXC_BAD_ACCESS issues when trying to load one client after another. Have you faced such issues ?

@zwf

zwf commented May 12, 2015

@kirang89 I didn't face this. I guess the issue is brought by the async part in MQTTKit.

@kirang89

My thoughts exactly. I raised it as an issue (#31).

@devTechi

Hi. Will there be a chance that the branch will get merged to master original repo? Thanks.

@nablavector

bump

@crystaldonut

bump because this is a great feature!

@viniciusmo

bump because this is a great feature![2]

@julianjohn

@kirang89 / @zwf I'm also trying to integrate zwf's implementation, but I am facing some issues in connecting to the server.

I'm trying to connect to an MQTT server with a Verisign-signed cert. What are the parameters I need to set in the client? I tried setting tlsInsecure to false and also set a PEM-encoded cert for the cafile. Nothing seems to work. Am I missing something? Need help badly.
Could you kindly share any example project for me to refer to? Thanks.

@kirang89

I just used @zwf's fork and got it to work well.

I had to set up MQTT with TLS for work, but I ended up using a non-TLS implementation because of threading issues. Unfortunately I don't have any project that I can share but I'll try and highlight a few key things I did:

  • Set the TLS support branch in your Podfile like so:

    pod 'MQTTKit', :git => 'https://github.com/zwf/MQTTKit', :branch => 'TLS_support'

  • Set up the client appropriately before connecting:

    MQTTClient *client = [[MQTTClient alloc] initWithClientId:clientId];
    [client setUsername:username];
    [client setPassword:password];

  • Set the CA file to use for server validation:

    // ca.crt is bundled with the app and holds the CA certificate in PEM form
    [client setCafile:[[NSBundle mainBundle] pathForResource:@"ca" ofType:@"crt"]];

  • Finally, connect to the server:

    [client connectToHost:MQSERVER completionHandler:handler];


@ndmeiri

ndmeiri commented Mar 3, 2016

Is it possible to use @zwf's fork without a username and password? I'm using the AWS IoT MQTT broker and it doesn't support username/password credentials. It will only accept a CA file and certificates.
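
Two problems recur in this thread: `mosquitto_tls_set` returning `MOSQ_ERR_NOT_SUPPORTED` when libmosquitto is compiled without `WITH_TLS`, and connecting with a CA file plus client certificate instead of a username and password. Both are settled on the underlying libmosquitto handle, as this added example shows; it is not code from MQTTKit or from any fork mentioned above. `ConfigureMosquittoTLS` and the `ExampleMQTTTLS` error domain are hypothetical names, and the helper assumes access to the `struct mosquitto *` handle that the Objective-C wrapper holds internally.

```objective-c
#import <Foundation/Foundation.h>
#import "mosquitto.h"

// Hypothetical helper, not part of MQTTKit. Call it before mosquitto_connect().
// certPath and keyPath are both nil (server authentication only) or both set
// (client-certificate authentication, no username/password involved).
static BOOL ConfigureMosquittoTLS(struct mosquitto *mosq, NSString *caPath,
                                  NSString *certPath, NSString *keyPath,
                                  NSError **error)
{
    NSString *reason = nil;
    NSFileManager *fm = [NSFileManager defaultManager];

    if (mosq == NULL || caPath == nil || ![fm isReadableFileAtPath:caPath]) {
        reason = @"no handle, or CA file missing or unreadable";
    } else if ((certPath == nil) != (keyPath == nil)) {
        reason = @"client certificate and private key must be given together";
    } else {
        // libmosquitto copies the path strings; nil paths are passed as NULL.
        // With a NULL password callback, OpenSSL falls back to a terminal
        // prompt if the key file is encrypted.
        int rc = mosquitto_tls_set(mosq, caPath.fileSystemRepresentation, NULL,
                                   certPath.fileSystemRepresentation,
                                   keyPath.fileSystemRepresentation, NULL);
        if (rc == MOSQ_ERR_NOT_SUPPORTED) {
            // The library was compiled without -DWITH_TLS: fail closed here
            // rather than letting the caller go on to connect without TLS.
            reason = @"libmosquitto was built without WITH_TLS";
        } else if (rc == MOSQ_ERR_SUCCESS) {
            // false keeps the check of the broker hostname against its certificate.
            rc = mosquitto_tls_insecure_set(mosq, false);
        }
        if (reason == nil && rc == MOSQ_ERR_SUCCESS) {
            // 1 == SSL_VERIFY_PEER: the broker certificate must chain to caPath.
            // "tlsv1.2" assumes the linked OpenSSL supports TLS 1.2.
            rc = mosquitto_tls_opts_set(mosq, 1, "tlsv1.2", NULL);
        }
        if (reason == nil && rc != MOSQ_ERR_SUCCESS) {
            reason = @(mosquitto_strerror(rc));
        }
    }
    if (reason != nil) {
        if (error != NULL) {
            *error = [NSError errorWithDomain:@"ExampleMQTTTLS" code:1
                                     userInfo:@{NSLocalizedDescriptionKey: reason}];
        }
        return NO;
    }
    return YES;
}
```

For a broker certificate issued by a public CA, the file at `caPath` has to contain the PEM certificates of the issuing chain up to the root, not the broker's own certificate.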
