Re: [mosquitto-dev] config file questions

Roger Light <roger@xxxxxxxxxx> writes:

>> 5. The "per_listener_settings" section in mosquitto.conf(5) is
>> confusing.  It does not explain what it means for authentication to be
>> separate per listener, and it isn't quite clear what a listener is, and
>> why one does or doesn't want to use this.
>
> Thanks, that's a good comment, I'll see about improving it.

(Having been on the other side, I realize that it's hard to explain
things to newcomers when you understand them intimately.)

I figured out all of this pretty quickly, but I'm much more experienced
than is typical in both sysadmin and protocol specs/implementations.

My confusions about listeners are:

  the config file description gives a bunch of statements, but it does
  not describe structure.  This gives the impression that the statements
  are unordered and essentially form a set.  But this is not true; there
  is a hierarchy where some statements create listeners and some
  statements affect the listener that is currently being defined, which
  might be implicit.

  The documentation talks about port 1883 vs 8883, which is obviously a
  pair that one does not and does usually use TLS on.  But it doesn't
  say that port number and TLS are or are not linked.  I think they
  aren't linked in code, just by custom.

  I now think that a listener is TLS iff it has a capath statement.  Or
  maybe it's certfile/keyfile.  If capath matters, this doesn't really
  make sense, because if you're going to use TLS on the server, say with
  a LE cert, and use username/password with clients, there is no need
  for the server to validate certificates.  So I think there should be
  an explicit 'do_tls true/false'.  That would also be far easier to
  understand on reading the man page and reading the config file.

  I think even with per_listener true, there should be a way to have
  config that affects all listeners.

  I tried to disable the default listener but because I had capath
  earlier (before I switched to per_listener).  So I think it would be
  far better to say that the default listener only happens if there is
  no listener defined, and once you define one, the default one is gone.
  That lets the no-config option listen w/o TLS on 1883, presumably for
  testing, and means that a config with a definition is much less
  mysterious.


Which is to say I am no longer confused; now I merely think the next
person to try to configure anything non-default will get it wrong :-)
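The listener structure described in the message above, written out as an added example mosquitto.conf (this is not part of the original post and not configuration shipped by the Mosquitto project). It makes the hierarchy explicit: `per_listener_settings true` first, then each `listener` line opens a listener, and the options that follow it apply to that listener until the next `listener` line. The hostname, certificate paths, password-file paths and bind addresses are assumptions chosen for illustration.

```conf
# Added example, not from the original post or from the Mosquitto project.
# Two explicitly defined listeners: plaintext on 1883 and TLS on 8883, with
# authentication configured separately for each.  All paths, the hostname
# and the bind addresses are assumptions.

# Must come before the listener and authentication options it is meant to
# affect; with it set, allow_anonymous/password_file below bind to the
# listener defined most recently above them rather than to the whole broker.
per_listener_settings true

# Listener 1: plaintext MQTT on 1883, reachable only from the local host.
# There is no certfile/keyfile here, so this listener does not use TLS.
listener 1883 127.0.0.1
allow_anonymous false
password_file /etc/mosquitto/passwd-local

# Listener 2: TLS on 8883.  TLS comes from the certfile/keyfile (and, on
# versions that insist on it, cafile or capath) given after the listener
# line, not from the port number; 8883 is only the conventional choice.
listener 8883 0.0.0.0
certfile /etc/letsencrypt/live/broker.example.com/fullchain.pem
keyfile  /etc/letsencrypt/live/broker.example.com/privkey.pem
# cafile is the CA used to verify *client* certificates.  It is given here
# so the listener is accepted as TLS on versions that require it, but with
# require_certificate left at its default (false) clients are not asked for
# a certificate: they authenticate with username/password over TLS, which
# is the Let's Encrypt plus password_file setup the message describes.
cafile /etc/letsencrypt/live/broker.example.com/chain.pem
allow_anonymous false
password_file /etc/mosquitto/passwd-remote
```

Because both listeners are defined explicitly, the example does not depend on what a given Mosquitto version does when no `listener` line is present. To check the structure took effect, start the broker with `mosquitto -c mosquitto.conf -v` and confirm it logs one listener on 127.0.0.1:1883 and one on 0.0.0.0:8883; `openssl s_client -connect broker.example.com:8883` should complete a handshake on 8883 and fail on 1883; and a password-file user created with `mosquitto_passwd -c /etc/mosquitto/passwd-remote user` should be accepted by `mosquitto_sub -h broker.example.com -p 8883 --cafile /etc/ssl/certs/ca-certificates.crt -u user -P '...' -t 'test/#'` on the TLS listener but rejected on 1883, which uses a different password file.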

