Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-6416

Enable MQTT Plug-in for Agent2 to support client-certificate with TLS

    XMLWordPrintable

Details

    • New Feature Request
    • Status: Open
    • Medium
    • Resolution: Unresolved
    • 5.2.2
    • None
    • Agent2 plugin (N)
    • None

    Description

      Per the discussion in https://support.zabbix.com/browse/ZBXNEXT-6328 this is a feature request to add client certificate-based authentication to TLS connections with MQTT.  This is required to use the AWS IoT Core service.

      In order to achieve this, the MQTT plugin will need to call tls.LoadX509KeyPair() with paths to the client cert and key, create a TLS Config object containing that configuration, then set the TLS config as an MQTT option using SetTLSConfig(). 

      I have attached a patch that does this by treating a username and password that begins with a '/' as a path to a cert/key to be loaded into TLS.  It may make sense to add additional checks that confirm a username starting with a '/' is actually a file before loading it, but I didn't add code for that to my proof-of-concept.

      Attachments

        Activity

          People

            vso Vladislavs Sokurenko
            tedcabeen Ted Cabeen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: