From 888714ca9a6a34b3f82fa300f01c4090aa7aa01b Mon Sep 17 00:00:00 2001 From: Christian <6939810+chkr1011@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:48:54 +0200 Subject: [PATCH 1/3] Fix wrong usage of TLS options --- .../WebSocket4NetMqttChannel.cs | 6 +++--- Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs | 7 ++++++- Source/MQTTnet/Implementations/MqttWebSocketChannel.cs | 6 +++--- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/Source/MQTTnet.Extensions.WebSocket4Net/WebSocket4NetMqttChannel.cs b/Source/MQTTnet.Extensions.WebSocket4Net/WebSocket4NetMqttChannel.cs index b70735943..56f7f01f3 100644 --- a/Source/MQTTnet.Extensions.WebSocket4Net/WebSocket4NetMqttChannel.cs +++ b/Source/MQTTnet.Extensions.WebSocket4Net/WebSocket4NetMqttChannel.cs @@ -47,13 +47,13 @@ public Task ConnectAsync(CancellationToken cancellationToken) var uri = _webSocketOptions.Uri; if (!uri.StartsWith("ws://", StringComparison.OrdinalIgnoreCase) && !uri.StartsWith("wss://", StringComparison.OrdinalIgnoreCase)) { - if (_webSocketOptions.TlsOptions?.UseTls == false) + if (_webSocketOptions.TlsOptions?.UseTls == true) { - uri = "ws://" + uri; + uri = "wss://" + uri; } else { - uri = "wss://" + uri; + uri = "ws://" + uri; } } diff --git a/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs b/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs index 768d87541..65d4f6d3a 100644 --- a/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs +++ b/Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs 
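Review bot: A URI that already starts with an explicit `ws://` skips this branch entirely, so with `TlsOptions.UseTls == true` the client still connects in cleartext and the credentials in the MQTT CONNECT packet travel unprotected; nothing in the visible lines of ConnectAsync detects that conflict. Consider a guard before the scheme check, such as `if (_webSocketOptions.TlsOptions?.UseTls == true && uri.StartsWith("ws://", StringComparison.OrdinalIgnoreCase)) throw new InvalidOperationException("TLS is enabled but the URI scheme is ws://.");`, or at least a logged warning. The new default also turns a scheme-less URI with no TLS options into `ws://`, which deserves a comment on the `else` branch like `// TLS not explicitly enabled: a URI without scheme falls back to unencrypted ws://.` The same two points apply to the identical change in MqttWebSocketChannel.cs, where the field is `_options`. ConnectAsync continues outside the hunk, so a later check may already exist.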
@@ -32,7 +32,12 @@ public MqttClientOptions Build() throw new InvalidOperationException("A channel must be set."); } - var tlsOptions = _tlsOptions; + // The user can specify the TCP options with already configured TLS options + // or start with TLS settings not knowing which transport will be used (depending + // on the order of called methods from the builder). + // The builder prefers the explicitly set TLS options! + var tlsOptions = _tlsOptions ?? _tcpOptions?.TlsOptions; + if (_tlsParameters != null) { if (_tlsParameters?.UseTls == true) diff --git a/Source/MQTTnet/Implementations/MqttWebSocketChannel.cs b/Source/MQTTnet/Implementations/MqttWebSocketChannel.cs index fdddcf6e0..a9f2b92ec 100644 --- a/Source/MQTTnet/Implementations/MqttWebSocketChannel.cs +++ b/Source/MQTTnet/Implementations/MqttWebSocketChannel.cs @@ -46,13 +46,13 @@ public async Task ConnectAsync(CancellationToken cancellationToken) var uri = _options.Uri; if (!uri.StartsWith("ws://", StringComparison.OrdinalIgnoreCase) && !uri.StartsWith("wss://", StringComparison.OrdinalIgnoreCase)) { - if (_options.TlsOptions?.UseTls == false) + if (_options.TlsOptions?.UseTls == true) { - uri = "ws://" + uri; + uri = "wss://" + uri; } else { - uri = "wss://" + uri; + uri = "ws://" + uri; } } From 0cdcc44552852752906eabdbc46b36f88e15688c Mon Sep 17 00:00:00 2001 From: Christian <6939810+chkr1011@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:49:05 +0200 Subject: [PATCH 2/3] Fix public broker tests --- Source/MQTTnet.TestApp/PublicBrokerTest.cs | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/Source/MQTTnet.TestApp/PublicBrokerTest.cs b/Source/MQTTnet.TestApp/PublicBrokerTest.cs index 1659f2610..b43b00ef7 100644 --- a/Source/MQTTnet.TestApp/PublicBrokerTest.cs +++ b/Source/MQTTnet.TestApp/PublicBrokerTest.cs 
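Review bot: The fallback `_tlsOptions ?? _tcpOptions?.TlsOptions` consults only the TCP options, so TLS options configured directly on a WebSocket options object appear not to be picked up here. Because the WebSocket channels in this patch now default a scheme-less URI to `ws://` when `TlsOptions` is null, that path could end up unencrypted without any error. If the rest of Build(), which lies outside this hunk, does not already handle it, extend the fallback to the WebSocket options as well. The comment should also say that precedence is all-or-nothing, e.g. `// Explicit TLS options replace (not merge with) those on the TCP options, including UseTls = false.`, since an explicit `UseTls = false` silently wins over TCP options that enabled TLS.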
@@ -25,7 +25,9 @@ public static async Task RunAsync() UseTls = true, SslProtocol = SslProtocols.Tls13, // Don't use this in production code. This handler simply allows any invalid certificate to work. - CertificateValidationHandler = w => true + AllowUntrustedCertificates = true, + IgnoreCertificateChainErrors = true, + CertificateValidationHandler = _ => true }; #endif // Also defining TLS12 for servers that don't seem no to support TLS13. @@ -34,7 +36,9 @@ public static async Task RunAsync() UseTls = true, SslProtocol = SslProtocols.Tls12, // Don't use this in production code. This handler simply allows any invalid certificate to work. - CertificateValidationHandler = w => true + AllowUntrustedCertificates = true, + IgnoreCertificateChainErrors = true, + CertificateValidationHandler = _ => true }; // mqtt.eclipseprojects.io @@ -97,10 +101,10 @@ await ExecuteTestAsync( "test.mosquitto.org WS TLS12", new MqttClientOptionsBuilder().WithWebSocketServer(o => o.WithUri("test.mosquitto.org:8081/mqtt")).WithProtocolVersion(MqttProtocolVersion.V311).WithTlsOptions(unsafeTls12).Build()); - // await ExecuteTestAsync( - // "test.mosquitto.org WS TLS12 (WebSocket4Net)", - // new MqttClientOptionsBuilder().WithWebSocketServer("test.mosquitto.org:8081/mqtt").WithProtocolVersion(MqttProtocolVersion.V311).WithTls(unsafeTls12).Build(), - // true); + await ExecuteTestAsync( + "test.mosquitto.org WS TLS12 (WebSocket4Net)", + new MqttClientOptionsBuilder().WithWebSocketServer(o => o.WithUri("test.mosquitto.org:8081/mqtt")).WithProtocolVersion(MqttProtocolVersion.V311).WithTlsOptions(unsafeTls12).Build(), + true); // broker.emqx.io await ExecuteTestAsync( @@ -150,7 +154,6 @@ await ExecuteTestAsync( true); // mqtt.swifitch.cz: Does not seem to operate any more - // cloudmqtt.com: Cannot test because it does not offer a free plan any more. Write("Finished.", ConsoleColor.White); 
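Review bot: The existing warning comment now sits directly above `AllowUntrustedCertificates = true` and still speaks of "this handler", although three separate settings disable certificate validation in both the TLS13 and the TLS12 initializer. Reword it to cover all of them, for example `// Test only: the next three settings disable certificate validation entirely. Never copy this into production code.` With validation off, an `[OK]` from these public-broker runs shows only that the handshake and the MQTT connect succeeded, not that the broker's certificate chain was checked. If any of these brokers presents a publicly trusted certificate, one run with default validation would also exercise the secure configuration.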
@@ -197,9 +200,10 @@ static async Task ExecuteTestAsync(string name, MqttClientOptions options, bool Write("[OK]\n", ConsoleColor.Green); } - catch (Exception e) + catch (Exception exception) { - Write("[FAILED] " + e.Message + "\n", ConsoleColor.Red); + Write("[FAILED]" + Environment.NewLine, ConsoleColor.Red); + Write(exception + Environment.NewLine, ConsoleColor.Red); } } From 415a26cc9bf355b13ca587d9722dc77872174bfa Mon Sep 17 00:00:00 2001 From: Christian <6939810+chkr1011@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:49:37 +0200 Subject: [PATCH 3/3] Update ReleaseNotes.md --- .github/workflows/ReleaseNotes.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/.github/workflows/ReleaseNotes.md b/.github/workflows/ReleaseNotes.md index f6deec47a..8da356826 100644 --- a/.github/workflows/ReleaseNotes.md +++ b/.github/workflows/ReleaseNotes.md 
@@ -1,11 +1 @@ -* [Client] Fixed _PlatformNotSupportedException_ when using Blazor (#1755, thanks to @Nickztar). -* [Client] Added hot reload of client certificates (#1781). -* [Client] Added several new option builders and aligned usage (#1781, BREAKING CHANGE!). -* [Client] Added support for _RemoteCertificateValidationCallback_ for .NET 4.5.2, 4.6.1 and 4.8 (#1806, thanks to @troky). -* [Client] Fixed wrong logging of obsolete feature when connection was not successful (#1801, thanks to @ramonsmits). -* [Client] Fixed _NullReferenceException_ when performing several actions when not connected (#1800, thanks to @ramonsmits). -* [RpcClient] Added support for passing custom parameters to topic generation context (#1798, thanks to @Temppus). -* [Server] Fixed _NullReferenceException_ in retained messages management (#1762, thanks to @logicaloud). -* [Server] Exposed new option which allows disabling packet fragmentation (#1753). -* [Server] Expired sessions will no longer be used when a client connects (#1756). -* [Server] Fixed an issue in connection handling for ASP.NET connections (#1819, thanks to @CZEMacLeod). +* [Client] Fixed wrong TLS options handling (#1830).