From: Florian Forster
Date: Thu, 21 Sep 2017 20:00:14 +0000 (+0200)
Subject: Merge remote-tracking branch 'github/pr/2434'
X-Git-Tag: collectd-5.8.0~88
X-Git-Url: https://git.octo.it/?p=collectd.git;a=commitdiff_plain;h=23d34e73bdbdf0ef5b9221ad821c9560d4d8e0bb;hp=4d651bf30af5408da82e753b6232fc64dcba96db

Merge remote-tracking branch 'github/pr/2434'
---
diff --git a/src/collectd.conf.in b/src/collectd.conf.in
index bbd3a15c..f35f3284 100644
--- a/src/collectd.conf.in
+++ b/src/collectd.conf.in
@@ -814,6 +814,11 @@
 # QoS 2
 # Topic "collectd/#"
 # CleanSession true
+# CACert "/etc/ssl/ca.crt"
+# CertificateFile "/etc/ssl/client.crt"
+# CertificateKeyFile "/etc/ssl/client.pem"
+# TLSProtocol "tlsv1.2"
+# CipherSuite "ciphers"
 #
 #
diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index af6ed936..63e62efb 100644
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
@@ -4173,18 +4173,18 @@ the B branch. Path to the PEM-encoded CA certificate file. Setting this option enables TLS communication with the MQTT broker, and as such, B should be the TLS-enabled port of the MQTT broker.
-A valid TLS configuration requires B, B and B.
+This option enables the use of TLS.
 =item B I Path to the PEM-encoded certificate file to use as client certificate when connecting to the MQTT broker.
-A valid TLS configuration requires B, B and B.
+Only valid if B and B are also set.
 =item B I Path to the unencrypted PEM-encoded key file corresponding to B.
-A valid TLS configuration requires B, B and B.
+Only valid if B and B are also set.
 =item B I
@@ -4192,13 +4192,14 @@ If configured, this specifies the string protocol version (e.g. C, C) to use for the TLS connection to the broker. If not set a default version is used which depends on the version of OpenSSL the Mosquitto library was linked against.
+Only valid if B is set.
 =item B I A string describing the ciphers available for use. See L and the C utility for more information. If unset, the default ciphers will be used.
-
+Only valid if B is set.
 =back
diff --git a/src/mqtt.c b/src/mqtt.c
index 851866b0..51644855 100644
--- a/src/mqtt.c
+++ b/src/mqtt.c
@@ -525,10 +525,10 @@ static int mqtt_write(const data_set_t *ds, const value_list_t *vl,
 * StoreRates true
 * Retain false
 * QoS 0
- * CACert "ca.pem" Enables TLS if set
- * CertificateFile "client-cert.pem" optional
- * CertificateKeyFile "client-key.pem" optional
- * TLSProtocol "tlsv1.2" optional
+ * CACert "ca.pem" Enables TLS if set
+ * CertificateFile "client-cert.pem" optional
+ * CertificateKeyFile "client-key.pem" optional
+ * TLSProtocol "tlsv1.2" optional
 *
 */
 static int mqtt_config_publisher(oconfig_item_t *ci) {
@@ -624,6 +624,10 @@ static int mqtt_config_publisher(oconfig_item_t *ci) {
 * User "guest"
 * Password "secret"
 * Topic "collectd/#"
+ * CACert "ca.pem" Enables TLS if set
+ * CertificateFile "client-cert.pem" optional
+ * CertificateKeyFile "client-key.pem" optional
+ * TLSProtocol "tlsv1.2" optional
 *
 */
 static int mqtt_config_subscriber(oconfig_item_t *ci) {
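Review bot: The option list added to the comment above mqtt_config_subscriber() (hunk at -624) stops at `TLSProtocol` and omits `CipherSuite`, although the same commit makes the subscriber parse that key; the publisher comment in the hunk at -525 has the same gap. Add a line such as `* CipherSuite "ciphers" optional` so the comment matches what the parser accepts. Because these comments sit next to `User`/`Password`, it would also help to say that the credentials are only protected in transit when `CACert` is set, e.g. `* CACert "ca.pem" Enables TLS if set; without it User/Password are sent unencrypted`. The function body itself lies outside this hunk.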
@@ -687,6 +691,16 @@ static int mqtt_config_subscriber(oconfig_item_t *ci) {
 cf_util_get_string(child, &conf->topic);
 else if (strcasecmp("CleanSession", child->key) == 0)
 cf_util_get_boolean(child, &conf->clean_session);
+ else if (strcasecmp("CACert", child->key) == 0)
+ cf_util_get_string(child, &conf->cacertificatefile);
+ else if (strcasecmp("CertificateFile", child->key) == 0)
+ cf_util_get_string(child, &conf->certificatefile);
+ else if (strcasecmp("CertificateKeyFile", child->key) == 0)
+ cf_util_get_string(child, &conf->certificatekeyfile);
+ else if (strcasecmp("TLSProtocol", child->key) == 0)
+ cf_util_get_string(child, &conf->tlsprotocol);
+ else if (strcasecmp("CipherSuite", child->key) == 0)
+ cf_util_get_string(child, &conf->ciphersuite);
 else
 ERROR("mqtt plugin: Unknown config option: %s", child->key);
 }
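Review bot: The five new `cf_util_get_string()` calls discard the return value, so a malformed `CACert` line is not treated as a configuration error here. Since the comment in this file says CACert is what enables TLS, the subscriber would presumably start without TLS rather than refuse to start. For these security-relevant keys, capture the result (`int status = cf_util_get_string(child, &conf->cacertificatefile);`) and reject the block when it is non-zero. Nothing in the hunk enforces the dependency the updated pod documents ("Only valid if ... is set"), so a check after the loop such as `if (conf->cacertificatefile == NULL && (conf->certificatefile != NULL || conf->certificatekeyfile != NULL || conf->tlsprotocol != NULL || conf->ciphersuite != NULL))` followed by an `ERROR(...)` and a failure return would stop an operator from believing a client certificate or cipher list is in effect when TLS is off. mqtt_config_subscriber() begins and ends outside this hunk, so a later validation step may already cover part of this.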