Allow the application to provide or customize the OpenSSL SSL_CTX #1674

Description

@adam-siwak

We need to use secrets stored in an HSM to establish an mTLS connection with the broker, and we'd prefer to avoid adding PKCS#11 support to Paho directly.

We'd like to implement one of two solutions:

  • Inject the context: create the SSL_CTX in the application, manage its lifetime outside of Paho, and pass it along with the other connection settings, so that Paho uses it to establish the connection.
  • Expose the context: have Paho expose the SSL_CTX it manages internally. The connection options would be extended with a callback supplied by the application, which Paho would invoke at the end of SSLSocket_createContext(), once all other parameters are set.

Both approaches are generic and could address more than one open issue (see #981 and discussion #1226).

Before opening a PR, we'd like to ask which solution the community would prefer. Exposing the context was suggested in one of the linked issues; injecting it is the pattern commonly used in other language bindings, such as Java and Python.
