paho.mqtt.c使用openssl加密通讯

证书的生成和配置请参考:mosquitto使用与openssl证书配置_mosquitto 证书-CSDN博客

1. 下载和编译
# 下载paho.mqtt.c代码
git clone git@github.com:eclipse/paho.mqtt.c.git

# 编译安装
make
make install

2. 测试paho.mqtt.c

2.1订阅

修改src/samples/MQTTClient_subscribe.c

#define ADDRESS     "ip"
#define TOPIC       "test2"

运行订阅

cd build/output/samples
./MQTTClient_subscribe

使用mosquitto发布消息

mosquitto_pub -h "ip" -t "test2" -m "my name is xxx"

2.2发布

修改src/samples/MQTTClient_publish.c

#define ADDRESS     "ip"
#define TOPIC       "test1"

使用mosquitto订阅消息

mosquitto_sub -h "ip" -t "test1"

运行发布

cd build/output/samples
./MQTTClient_publish

3. 使用openssl

3.1 启用ssl加密不做认证(客户端不校验服务器证书,链路加密但无法确认对端身份)

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..daa3522 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include <string.h>
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test1"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
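Review bot: `TOPIC` becomes `"test1"` here, but the subscribe command shown right after this diff listens on `-t test`, so as written the subscriber would not receive the published message; one of the two should change (the 3.2 and 3.3 diffs use `"test"`). `ADDRESS` also points `ssl://` at port 1883, which is conventionally the plaintext MQTT port (8883 is the usual TLS port), so a short comment such as `/* broker's TLS listener is configured on 1883 for this test */` would keep readers from assuming the default listener speaks TLS. The same address line recurs in the two later diffs.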
@@ -41,6 +41,11 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.enableServerCertAuth=0;
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
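Review bot: `ssl_opts.enableServerCertAuth=0;` turns off verification of the broker's certificate, so the session is encrypted but the client cannot tell the intended broker from any other endpoint answering on that address. If this is only meant as a connectivity test, say so next to the line, e.g. `/* test only: broker certificate is NOT verified */`, and use the `trustStore` form from section 3.2 for anything that carries real data. `ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;` looks redundant, since `MQTTClient_SSLOptions_initializer` presumably already selects the default version. `main` starts and ends outside the hunk.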
# 订阅
mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt
# 发布
./build/output/samples/MQTTClient_publish

3.2单向认证

注意在mosquitto配置文件中配置证书路径

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..1155f24 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include <string.h>
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,11 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.trustStore = "/home/sy/key/ca.crt";
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
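Review bot: The added block trusts the CA in `trustStore` but leaves `ssl_opts.verify` untouched, and as far as I recall the initializer leaves it at 0, in which case the post-connect check that the certificate matches the host in `ADDRESS` is skipped and any certificate issued by that CA is accepted. Consider adding `ssl_opts.verify = 1;` (the broker certificate then needs a subject or SAN entry matching `192.168.186.131`). The CA path `/home/sy/key/ca.crt` is compiled in as an absolute path under one user's home directory; taking it from `argv` or the environment would make the sample portable. The mutual-authentication hunk in section 3.3 has the same two issues. `main` continues outside the hunk.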
# 订阅
mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt
# 发布
./build/output/samples/MQTTClient_publish

3.3双向认证

注意在mosquitto配置文件中开启require_certificate true。

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..7a0fe3f 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include <string.h>
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,13 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.trustStore = "/home/sy/key/ca.crt";
+    ssl_opts.privateKey = "/home/sy/key/client.key";
+    ssl_opts.keyStore = "/home/sy/key/client.crt";
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
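Review bot: `ssl_opts.privateKey` points at `/home/sy/key/client.key` with no `privateKeyPassword`, so the client key is presumably stored unencrypted and its location is baked into the binary. Keep the key file readable only by the account that runs the client (mode 0600) and pass the three paths in at run time rather than compiling them in, e.g. `ssl_opts.privateKey = getenv("MQTT_CLIENT_KEY"); /* placeholder variable name */`. When the handshake fails, `MQTTClient_connect` only returns a code; setting `ssl_opts.ssl_error_cb` to a small logging callback would surface the OpenSSL error text, which helps when the broker rejects the client certificate. `main` continues outside the hunk.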

# 订阅
sudo mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt --cert ./client.crt --key ./client.key
# 发布
./build/output/samples/MQTTClient_publish

### 关于paho.mqtt.c库进行SSL支持的交叉编译

#### 准备工作

为了成功完成带有SSL支持的`paho.mqtt.c`库的交叉编译,需先获取必要的源码文件以及配置好开发环境。这包括但不限于下载最新的Paho MQTT C客户端库版本、准备适合目标平台架构的工具链,并确保已安装用于构建过程中的辅助软件如CMake等。

对于OpenSSL而言,在开始编译前应当先行对其进行针对特定硬件平台的交叉编译操作[^3]。此步骤至关重要,因为后续的MQTT库将会链接至这些加密库来实现安全通信功能。

#### OpenSSL的交叉编译

假设已经解压了OpenSSL源代码包,则进入该目录执行如下命令来进行配置:

```bash
./Configure linux-armv4 --prefix=/path/to/install shared no-asm
make
make install_sw
```

上述指令适用于ARM架构下的Linux系统;实际应用时应依据具体需求调整参数设置。完成后将生成的目标文件放置在一个易于访问的位置以便稍后引用。

#### Paho.MQTT.C的交叉编译

接着处理`paho.mqtt.c`部分。同样地,从官方网站或其他可信渠道获得最新版源码压缩包并解压之。之后按照下面给出的方式继续前进:

```bash
unzip paho.mqtt.c-master.zip
cd paho.mqtt.c-master/
mkdir build && cd $_
cmake .. \
  -DCMAKE_BUILD_TYPE=Release \
  -DPAHO_WITH_SSL=ON \
  -DOPENSSL_ROOT_DIR=/path/to/openssl-installation \
  -DCMAKE_INSTALL_PREFIX=/usr/local/paho-mqtt-c-crosscompiled \
  -DCMAKE_TOOLCHAIN_FILE=path-to-your-toolchain-file/toolchainfile.cmake
make
make install
```

这里特别注意几个选项:

- `-DPAHO_WITH_SSL=ON`: 启用SSL特性;
- `-DOPENSSL_ROOT_DIR=`: 指定先前编译好的OpenSSL安装位置;
- `-DCMAKE_INSTALL_PREFIX=`: 定义最终产物安放之处;
- `-DCMAKE_TOOLCHAIN_FILE=`: 提供一个描述目标平台特性的toolchain file路径,这对于非标准体系结构非常重要。

通过以上步骤可以顺利完成带SSL支持的`paho.mqtt.c`库的交叉编译流程。