allow clients to validate server without providing their own credentials

[mrose17]

No description provided.

[noppermann]

+1

[mcollina]

Can you please add a test for this? Thanks!

[mrose17]

this is kind of embarrassing to admit… i've never really figured out how to do the node test harness stuff… all i can tell you is that i've been using the code 24x7 for the last two months (-; sorry!

[mcollina]

Can you please try #183 and check if everything works as planned? I did some refactoring.

[mrose17]

sorry, it's still broken. the issue is that opts.keyPath/opts.certPath are logically separate from opts.ca -- keyPath and certPath deal with the client authenticating itself, whilst ca deals with the certification authorities to be used when the server authenticates itself. so the logic needs to look like this:

    if (opts.keyPath && opts.certPath) {
      tls_opts.key = fs.readFileSync(opts.keyPath);
      tls_opts.cert = fs.readFileSync(opts.certPath);
    }
    tls_opts.ca = [];
    if (opts.ca) {
        for (var i = 0;i<opts.ca.length;i++) {
            tls_opts.ca[i] = fs.readFileSync(opts.ca[i]);
        }
    }
    tls_opts.rejectUnauthorized = opts.rejectUnauthorized || false;

[mcollina]

It is exactly like that in #183: https://github.com/adamvr/MQTT.js/blob/0.3.9-dev/lib/mqtt.js#L128-L137.

Can you git pull that branch and test it? In case it's not working, can you please provide a script that show the issue?

[mrose17]

oops, my bad! ok, i'm running with it now and don't see any issues. i'll keep running with it locally. if there's an issue, i'll report back… otherwise, let's call this one closed. thanks!