Hello,
In both this question: https://github.com/emqtt/emqttd/issues/794 and this question: https://github.com/emqtt/emqttd/issues/585 certificate based client authentication is brought up and it was mentioned that it was being worked on in 2.1 and 2.2. Has this feature been deployed?
Currently, my application is using TLS-PSK to connect clients, and it's important to me that I can also authenticate them with the psk-identity if possible. Do you have any thoughts on how this could be done? I have read up on hooks quite a bit, and an idea I had was that whenever a client connected I could maybe change the Client Id in #mqtt_client to equal the psk-identity, but I can't find 1) where the client-id is set and 2)When this is set, i need access to the psk-identity, which doesn't seem to be accessible from anywhere.
Do you have any thoughts on how to accomplish this in the meantime before any version with certificate based authentication is added to the platform?
@codewiget95 This feature will be released in R2.3 :)
@emqplus, I am currently working on implementing this right now... is your email [email protected]? I'd love to chat about your implementation, especially since mine is for PSKs and I imagine you are using ssl:peercert?
@codewiget95 My email: [email protected] We implemented this feature using ssl:peercert to decode the DN and CN. You can discuss your design with [email protected] and submit a PR later:)
Is this feature release in 2.3-beta?
We need this functionality and I need to check what can be used as a starting point. Could you share any pointers.
Are there any updates on this issue? Is it going to be implemented at some time in near future? A very important and needed feature.
@uodasuodas @rejji @codewiget95 @codewiget95 The X.509 certificate-based authentication has been production ready in R2.3.2. Close the issue.
Most helpful comment
Is this feature release in 2.3-beta?
We need this functionality and I need to check what can be used as a starting point. Could you share any pointers.