Improved SSL/TLS support, other features and Apache 2.0 license!

This time the M2Mqtt library has undergone some “important” changes in terms of new features and bug fixes. I have to admit that the improvements are mainly due to the people who use it and ask me to add new features or report bugs to fix. In addition to several issues reported on CodePlex, this time Clemens Vasters, PM on Microsoft Azure, also submitted some improvements to be applied in the context of SSL/TLS authentication. In fact, as already tweeted several weeks ago, Clemens used my library to run tests on the Reykjavik project (Device Gateway) presented at Build in 2014 and I can only be honored.

SSL/TLS authentication

In this case, the improvement is tied to the .NET Framework version of the library, since it is the only version that supports what has been added. In particular, the MqttClient class exposes additional constructors that accept the following callbacks:

  • RemoteCertificateValidationCallback: allows the user to run further checks on the certificate received from the server, in addition to those already performed by the system. Useful when debugging and with self-signed certificates, where it can accept a certificate that the system validation would reject. Note that a callback that returns true unconditionally disables server authentication;
  • LocalCertificateSelectionCallback: allows the user to select exactly which client certificate is sent to the server when mutual authentication is requested during the SSL handshake. The certificate can be selected from a pool of local certificates or created “on the fly” directly in the callback.

For more information, you can refer to the official MSDN documentation.

For the most complete constructor (with both callbacks), an example application is the following:

// requires: using System.Net.Security;
//           using System.Security.Cryptography.X509Certificates;
MqttClient client = new MqttClient("<server_name>", 8883, true, ValidateServerCertificate, SelectClientCertificate);
// ... rest of the application ...

bool ValidateServerCertificate(object sender,
						X509Certificate certificate,
						X509Chain chain,
						SslPolicyErrors sslpolicyerrors)
{
	// start from the result of the validation performed by the system
	bool valid = (sslpolicyerrors == SslPolicyErrors.None);

	// check sslpolicyerrors and execute your certificate validation here

	return valid;
}

X509Certificate SelectClientCertificate(Object sender,
						string targetHost,
						X509CertificateCollection localCertificates,
						X509Certificate remoteCertificate,
						string[] acceptableIssuers)
{
	// null means that no client certificate is sent to the server
	X509Certificate cert = null;

	// choose the client certificate from the local store or create a new one here

	return cert;
}
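The following is an added example, not code from the original post or from M2Mqtt: a validation callback for a broker with a self-signed certificate that accepts only the one certificate whose SHA-256 fingerprint was pinned in advance, rather than accepting any certificate. The class name, the method name and the `PinnedSha256` placeholder are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class BrokerCertificatePinning
{
    // Placeholder, not a real value: SHA-256 fingerprint (hex, no separators)
    // of the broker's self-signed certificate, obtained out of band.
    const string PinnedSha256 = "<SHA256_FINGERPRINT_OF_BROKER_CERT>";

    // Same signature as RemoteCertificateValidationCallback, so it can be
    // passed to the MqttClient constructor in place of ValidateServerCertificate.
    public static bool ValidatePinnedServerCertificate(object sender,
        X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        // The system validation succeeded: nothing more to check.
        if (errors == SslPolicyErrors.None)
            return true;

        // Tolerate chain errors only. A missing certificate or a host name
        // mismatch is always rejected.
        if (certificate == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // The only chain problem accepted is an untrusted (self-signed) root.
        // An expired or otherwise invalid certificate still fails.
        if (chain == null ||
            chain.ChainStatus.Any(s => s.Status != X509ChainStatusFlags.UntrustedRoot))
            return false;

        // Accept only the exact certificate that was pinned.
        return string.Equals(Sha256Hex(certificate), PinnedSha256,
                             StringComparison.OrdinalIgnoreCase);
    }

    // SHA-256 over the DER encoding of the certificate, as upper-case hex.
    static string Sha256Hex(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }
}
```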

Obsolete constructors and tracing

To simplify the creation of the client, the constructors that take an IPAddress as input are now marked with the Obsolete attribute. All the other constructors accept either an IP address or a host name as a string; the constructor checks which of the two it received and, for a host name, resolves it to an IP address through DNS.

Regarding tracing, some people reported that in the NuGet version this functionality displayed only the type of each message exchanged with the broker and not its content; this was because the NuGet library is compiled in Release mode while the trace messages were active only in Debug. The current version provides tracing in both Debug and Release, since it now depends on the TRACE symbol (and no longer on the DEBUG symbol), which is defined in both configurations. Of course, tracing still requires the user to define a TraceListener.

Bug fixing

The main bugs fixed were raised on CodePlex by some people. The following links have more information:

Conclusions

The library is evolving thanks to the community, and very soon it will include support for MQTT 3.1.1, which will become an OASIS standard in a few weeks. Another step is the license change from LGPL to Apache 2.0!

As always, you can find the new version on CodePlex, NuGet and Microsoft Code Gallery. I have also updated the GnatMQ broker (at version 0.9.1.0) and the M2Mqtt4CE project.
