
tls hostname verification (#125)
Co-authored-by: Uwe Kubosch <[email protected]>
larsin and donv authored Apr 3, 2024
1 parent 52ef5ff commit 75c70e6
Showing 3 changed files with 22 additions and 3 deletions.
8 changes: 7 additions & 1 deletion lib/mqtt/client.rb
Expand Up @@ -24,6 +24,9 @@ class Client
# @see OpenSSL::SSL::SSLContext::METHODS
attr_accessor :ssl

# Set to false to skip tls hostname verification
attr_accessor :verify_host

# Time (in seconds) between pings to remote server (default is 15 seconds)
attr_accessor :keep_alive

Expand Down Expand Up @@ -75,7 +78,8 @@ class Client
:will_payload => nil,
:will_qos => 0,
:will_retain => false,
:ssl => false
:ssl => false,
:verify_host => true
}

# Create and connect a new MQTT Client
Expand Down Expand Up @@ -248,6 +252,8 @@ def connect(clientid = nil)
@socket.hostname = @host if @socket.respond_to?(:hostname=)

@socket.connect

@socket.post_connection_check(@host) if @verify_host
else
@socket = tcp_socket
end
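Review bot: The hostname check on the `@socket.post_connection_check(@host) if @verify_host` line only protects the connection when the certificate chain is verified as well, and nothing in this hunk sets `verify_mode` on the SSL context; if the context (configured elsewhere, presumably via `ssl_context`) is left at `VERIFY_NONE`, any peer presenting a self-made certificate that names `@host` passes the check. The comment on `attr_accessor :verify_host` should state that dependency, e.g. `# Set to false to skip TLS hostname verification. Only meaningful when ssl_context also verifies the peer certificate (verify_mode VERIFY_PEER); leave enabled outside of tests.` On Ruby with OpenSSL >= 2.0, `ssl_context.verify_hostname = true` together with `VERIFY_PEER` performs the same comparison during the handshake, so a mismatch fails before any application data is sent. Also note that `post_connection_check` raises `OpenSSL::SSL::SSLError` on mismatch while the freshly connected `@socket` stays open unless `connect` closes it on the error path; the rest of `connect` lies outside the hunk.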
4 changes: 2 additions & 2 deletions mqtt.gemspec
Expand Up @@ -29,8 +29,8 @@ Gem::Specification.new do |gem|
gem.add_development_dependency 'rubocop', '~> 1.45'
elsif Gem.ruby_version > Gem::Version.new('2.0')
gem.add_development_dependency 'bundler', '>= 1.11.2'
gem.add_development_dependency 'rake', '>= 10.2.2'
gem.add_development_dependency 'yard', '>= 0.9.11'
gem.add_development_dependency 'rake', '>= 12.3.3'
gem.add_development_dependency 'yard', '>= 0.9.20'
gem.add_development_dependency 'rspec', '>= 3.5.0'
gem.add_development_dependency 'simplecov','>= 0.9.2'
gem.add_development_dependency 'rubocop', '~> 0.48.0'
13 changes: 13 additions & 0 deletions spec/mqtt_client_spec.rb
Expand Up @@ -442,6 +442,7 @@ def now
it "should use ssl if it enabled using the :ssl => true parameter" do
expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket)
expect(ssl_socket).to receive(:connect)
expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com')

client = MQTT::Client.new('mqtt.example.com', :ssl => true)
allow(client).to receive(:receive_connack)
Expand All @@ -451,6 +452,7 @@ def now
it "should use ssl if it enabled using the mqtts:// scheme" do
expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket)
expect(ssl_socket).to receive(:connect)
expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com')

client = MQTT::Client.new('mqtts://mqtt.example.com')
allow(client).to receive(:receive_connack)
Expand All @@ -460,6 +462,7 @@ def now
it "should use set the SSL version, if the :ssl parameter is a symbol" do
expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket)
expect(ssl_socket).to receive(:connect)
expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com')

client = MQTT::Client.new('mqtt.example.com', :ssl => :TLSv1)
expect(client.ssl_context).to receive('ssl_version=').with(:TLSv1)
Expand All @@ -470,11 +473,21 @@ def now
it "should use set hostname on the SSL socket for SNI" do
expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket)
expect(ssl_socket).to receive(:hostname=).with('mqtt.example.com')
expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com')

client = MQTT::Client.new('mqtts://mqtt.example.com')
allow(client).to receive(:receive_connack)
client.connect
end

it "should skip host verification" do
expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket)
expect(ssl_socket).to receive(:connect)

client = MQTT::Client.new('mqtt.example.com', :ssl => true, :verify_host => false)
allow(client).to receive(:receive_connack)
client.connect
end
end

context "with a last will and testament set" do
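Review bot: The new `should skip host verification` example never asserts the negative, so it only proves that `connect` is called with `:verify_host => false`; whether an unexpected `post_connection_check` call would fail the example depends on how `ssl_socket` is built outside the hunk. Add `expect(ssl_socket).not_to receive(:post_connection_check)` after the `receive(:connect)` expectation so the skip path is actually pinned. The four examples that gained `.to receive(:post_connection_check).with('mqtt.example.com')` cover only the success path; one more example stubbing `post_connection_check` to raise `OpenSSL::SSL::SSLError` would confirm that a hostname mismatch surfaces to the caller instead of being swallowed. The enclosing `describe`/`context` block starts outside the hunk.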
