paho.mqtt.c使用openssl加密通讯

证书的生成和配置请参考mosquitto使用与openssl证书配置_mosquitto 证书-CSDN博客

    • 下载和编译
# 下载paho.mqtt.c代码
git clone git@github.com:eclipse/paho.mqtt.c.git

# 编译安装
make
make install

    • 测试paho.mqtt.c

2.1订阅

修改src/samples/MQTTClient_subscribe.c

#define ADDRESS     "ip"
#define TOPIC       "test2"

运行订阅

cd build/output/samples
./MQTTClient_subscribe

使用mosquitto发布消息

mosquitto_pub -h "ip" -t "test2" -m "my name is xxx"

2.2发布

修改src/samples/MQTTClient_publish.c

#define ADDRESS     "ip"
#define TOPIC       "test1"

使用mosquitto订阅消息

mosquitto_sub -h "ip" -t "test1"

运行发布

cd build/output/samples
./MQTTClient_publish

    • 使用openssl

3.1 启用ssl加密不做认证

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..daa3522 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include <string.h>
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test1"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,11 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.enableServerCertAuth=0;
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
# 订阅
mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt
# 发布
./build/output/samples/MQTTClient_publish

3.2单向认证

注意在mosquitto配置文件中配置证书路径

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..1155f24 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include <string.h>
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,11 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.trustStore = "/home/sy/key/ca.crt";
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
# 订阅
mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt
# 发布
./build/output/samples/MQTTClient_publish

3.3双向认证

注意在mosquitto配置文件中开启require_certificate true。

# git diff src/samples/MQTTClient_publish.c
diff --git a/src/samples/MQTTClient_publish.c b/src/samples/MQTTClient_publish.c
index 399fd33..7a0fe3f 100644
--- a/src/samples/MQTTClient_publish.c
+++ b/src/samples/MQTTClient_publish.c
@@ -19,9 +19,9 @@
 #include <string.h>
 #include "MQTTClient.h"
 
-#define ADDRESS     "tcp://mqtt.eclipseprojects.io:1883"
+#define ADDRESS     "ssl://192.168.186.131:1883"
 #define CLIENTID    "ExampleClientPub"
-#define TOPIC       "MQTT Examples"
+#define TOPIC       "test"
 #define PAYLOAD     "Hello World!"
 #define QOS         1
 #define TIMEOUT     10000L
@@ -41,6 +41,13 @@ int main(int argc, char* argv[])
          exit(EXIT_FAILURE);
     }
 
+    MQTTClient_SSLOptions ssl_opts=MQTTClient_SSLOptions_initializer;
+    ssl_opts.trustStore = "/home/sy/key/ca.crt";
+    ssl_opts.privateKey = "/home/sy/key/client.key";
+    ssl_opts.keyStore = "/home/sy/key/client.crt";
+    ssl_opts.sslVersion=MQTT_SSL_VERSION_DEFAULT;
+    conn_opts.ssl=&ssl_opts;
+
     conn_opts.keepAliveInterval = 20;
     conn_opts.cleansession = 1;
     if ((rc = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)

# 订阅
sudo mosquitto_sub -h 192.168.186.131 -t test --cafile ./ca.crt --cert ./client.crt --key ./client.key
# 发布
./build/output/samples/MQTTClient_publish

  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值