SSL support in broker.

eerimoq · Aug 13, 2019 · 1b5f643 · 1b5f643
1 parent e598a87
commit 1b5f643
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 11 deletions.
diff --git a/mqttools/broker.py b/mqttools/broker.py
@@ -309,11 +309,14 @@ class Broker(object):
 
     `host` and `port` are the host and port to listen for clients on.
 
+    `kwargs` are passed to ``asyncio.start_server()``.
+
     """
 
-    def __init__(self, host, port):
+    def __init__(self, host, port, **kwargs):
         self._host = host
         self._port = port
+        self._kwargs = kwargs
         self._sessions = {}
         self._subscribers = defaultdict(list)
         self._wildcard_subscribers = []
@@ -333,7 +336,8 @@ async def serve_forever(self):
 
         self._listener = await asyncio.start_server(self.serve_client,
                                                     self._host,
-                                                    self._port)
+                                                    self._port,
+                                                    **self._kwargs)
         self._listener_ready.set()
         listener_address = self._listener.sockets[0].getsockname()
 

diff --git a/mqttools/subparsers/broker.py b/mqttools/subparsers/broker.py
@@ -1,16 +1,26 @@
-import sys
-import threading
 import asyncio
-import re
-import time
-import bisect
+import ssl
 
 from ..broker import Broker
 
 
 def _do_broker(args):
     print(f"Starting a broker at '{args.host}:{args.port}'.")
-    broker = Broker(args.host, args.port)
+
+    if all([args.cafile, args.certfile, args.keyfile]):
+        print(f"Certfile: '{args.certfile}'")
+        print(f"Keyfile:  '{args.keyfile}'")
+        print(f"CA File:  '{args.cafile}'")
+        print(f"Check hostname: {not args.no_check_hostname}")
+
+        ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH,
+                                                 cafile=args.cafile)
+        ssl_context.check_hostname = not args.no_check_hostname
+        ssl_context.load_cert_chain(certfile=args.certfile, keyfile=args.keyfile)
+    else:
+        ssl_context = None
+
+    broker = Broker(args.host, args.port, ssl=ssl_context)
     asyncio.run(broker.serve_forever())
 
 
@@ -24,4 +34,20 @@ def add_subparser(subparsers):
                            type=int,
                            default=1883,
                            help='Broker port (default: %(default)s).')
+    subparser.add_argument(
+        '--cafile',
+        default='',
+        help='MQTT broker CA file.')
+    subparser.add_argument(
+        '--certfile',
+        default='',
+        help='MQTT broker certificate file.')
+    subparser.add_argument(
+        '--keyfile',
+        default='',
+        help='MQTT broker key file.')
+    subparser.add_argument(
+        '--no-check-hostname',
+        action='store_true',
+        help='Do not check certificate hostname.')
     subparser.set_defaults(func=_do_broker)
diff --git a/mqttools/subparsers/monitor.py b/mqttools/subparsers/monitor.py
@@ -1,8 +1,6 @@
 import sys
 import threading
-import textwrap
 import asyncio
-import re
 import time
 import curses
 import bisect

diff --git a/mqttools/version.py b/mqttools/version.py
@@ -1 +1 @@
-__version__ = '0.28.0'
+__version__ = '0.29.0'