Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character

On 2016-04-28 22:25, Sebastian Koch wrote:
>> I will create a bug in bugzilla and hope there is a fix soon.
> here is the bug (hope you don’t mind i mentioned you and linked this 
> discussion):

No problem, but Roger managed to migrate it to github and commit a fix
before I even saw it;

Although the change solves Sebastian's issue with a space character the
digging around made me aware that the current mosquitto can't facilitate
connections which requires passwords with non-ascii characters.

There might be no broker in existence to require that (I wouldn't know,
I've used only mosquitto). But according to the MQTT standard section
the password field is "binary data" not just a section 1.5.3 "UTF-8
encoded string"

Mosquitto currently regard the password as a string in the internal
"struct mosquitto" of lib/mosquitto_internal.h;

	char *password;

and uses string manipulation functions to process it.

A prominent example is when connecting as a client the number of bytes
to transmit of the password in struct mosquitto is determined using
Likewise when a broker hashes a client's password on authentication
during connect in the default auth plugin
Both would truncate the effective length of a binary password in struct
mosquitto at the first occurrence of a byte with value 0.

I don't regard this as a major problem, but if standard adherence and
interoperability is an objective there ought to be a way to specify a
binary password both for bridge connections in configuration file and
when using the client tools.
If not, or until implemented, at least this quirk/deficiency should be
documented somewhere.


Attachment: signature.asc
Description: OpenPGP digital signature

Back to the top