Merge branch 'feature/support_clientkey_password' into 'master'

add support for password protected client-key See merge request espressif/esp-mqtt!53
2025-07-29 18:28:24 +02:00 · 2020-01-09 02:57:30 +08:00
parent f74fe3d887 2684ed413d
commit 86fc8b7584
3 changed files with 19 additions and 0 deletions
--- a/include/mqtt_client.h
+++ b/include/mqtt_client.h
@ -168,6 +168,8 @@ typedef struct {
    bool          use_global_ca_store;      /*!< Use a global ca_store for all the connections in which this bool is set. */
    int reconnect_timeout_ms;               /*!< Reconnect to the broker after this value in miliseconds if auto reconnect is not disabled */
    const char **alpn_protos;               /*!< NULL-terminated list of supported application protocols to be used for ALPN */
+    const char *clientkey_password;         /*!< Client key decryption password string */
+    int clientkey_password_len;             /*!< String length of the password pointed to by clientkey_password */
 } esp_mqtt_client_config_t;

 /**
--- a/include/mqtt_supported_features.h
+++ b/include/mqtt_supported_features.h
@ -44,6 +44,7 @@
 #define MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
 #define MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
 #define MQTT_SUPPORTED_FEATURE_ALPN
+#define MQTT_SUPPORTED_FEATURE_CLIENT_KEY_PASSWORD
 #endif
 #endif

--- a/mqtt_client.c
+++ b/mqtt_client.c
@ -80,6 +80,8 @@ typedef struct {
    int reconnect_timeout_ms;
    char **alpn_protos;
    int num_alpn_protos;
+    char *clientkey_password;
+    int clientkey_password_len;
 } mqtt_config_storage_t;

 typedef enum {
@ -277,6 +279,12 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl
        }
    }

+    if (config->clientkey_password && config->clientkey_password_len) {
+        cfg->clientkey_password_len = config->clientkey_password_len;
+        cfg->clientkey_password = malloc(cfg->clientkey_password_len);
+        memcpy(cfg->clientkey_password, config->clientkey_password, cfg->clientkey_password_len);
+    }
+
    MQTT_API_UNLOCK_FROM_OTHER_TASK(client);
    return ESP_OK;
 _mqtt_set_config_failed:
@ -296,6 +304,7 @@ static esp_err_t esp_mqtt_destroy_config(esp_mqtt_client_handle_t client)
            free(cfg->alpn_protos[i]);
    }
    free(cfg->alpn_protos);
+    free(cfg->clientkey_password);
    free(client->connect_info.will_topic);
    free(client->connect_info.will_message);
    free(client->connect_info.client_id);
@ -473,6 +482,13 @@ esp_mqtt_client_handle_t esp_mqtt_client_init(const esp_mqtt_client_config_t *co
    }
    MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_cert_data, config->client_cert_pem, config->client_cert_len);
    MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_key_data, config->client_key_pem, config->client_key_len);
+#ifdef MQTT_SUPPORTED_FEATURE_CLIENT_KEY_PASSWORD
+    if (client->config->clientkey_password && client->config->clientkey_password_len) {
+        esp_transport_ssl_set_client_key_password(ssl,
+                                                  client->config->clientkey_password,
+                                                  client->config->clientkey_password_len);
+    }
+#endif

    if (config->psk_hint_key) {
 #ifdef MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION