[erlang-questions] Retrieving TLS Information After/On Connect

Ryan Auger <>
Tue Aug 8 21:18:27 CEST 2017


Hello,

I am using PSKs to connect to my VMQTT/EMQTT instance, and need to modify the source code or write a plugin to set my clientid or username = psk-identity, thus creating a “TLS-PSK based authentication”. To be clear, my connection using PSKs works, and I can connect and send encrypted messages using an incredibly basic user_lookup_fun like so:

%% Accepts every PSK identity (the second argument) and returns UserState
%% as the shared secret.
user_lookup(psk, _Username, UserState) ->
    {ok, UserState}.

The problem here is that I have no reference to the calling process, and can’t modify the ClientID or username, so I cannot authenticate users without sending an additional username and password. If someone gained access to my private key, they would be able to publish and subscribe to any topic because the psk_identity is not currently used in authentication.

The way I see it, there are two options:
1) Set the ClientID in user lookup -> this is impossible because I have no reference to the calling process
2) Find where the ClientID is set, use a function to get the psk-identity from the listening process, and then set the ClientID = psk-identity


For option 2, my first goal is to just get the psk_identity from somewhere in the code. I tried to use the Erlang library function ssl_connection:connection_information(Client#mqtt_client.client_pid) on the client.connected hook, but this process hangs and does not return any value.


Can anyone point me in the right direction for getting the TLS information from within the code? 
Otherwise, is there any way that I could go about option 1) without knowing anything about the calling process?


Thank you in advance!
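
Added example, not part of the original post and not VerneMQ/EMQ code: a user_lookup_fun that uses its second argument (the PSK identity the client presents) to select a per-identity secret and rejects unknown identities, so that one leaked key does not stand in for every client. The module name, psk_opts/1, demo/0, the identity => secret map passed as UserState, and the sample identities and keys are assumptions made for illustration; it does not cover handing the identity on to the MQTT session.

```erlang
-module(psk_lookup_example).
-export([user_lookup/3, psk_opts/1, demo/0]).

%% ssl calls this fun during a PSK handshake; for the `psk` key exchange the
%% second argument is the PSK identity presented by the client.
%% Assumption: UserState is a map of identity => shared secret (binaries).
user_lookup(psk, Identity, Secrets) when is_map(Secrets) ->
    %% The identity may arrive as a string or a binary; normalise to binary.
    case maps:find(iolist_to_binary(Identity), Secrets) of
        {ok, Secret} when is_binary(Secret) ->
            {ok, Secret};      % handshake continues with this identity's key
        _ ->
            error              % unknown identity: the handshake fails
    end;
user_lookup(_Kind, _Identity, _Secrets) ->
    error.

%% Option to merge into the listener's existing ssl options.
psk_opts(Secrets) ->
    [{user_lookup_fun, {fun ?MODULE:user_lookup/3, Secrets}}].

%% Constructed sample data; exercises the lookup without opening a socket.
%% Real secrets would be loaded from a protected store, not written in source.
demo() ->
    Secrets = #{<<"sensor-01">> => <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16>>,
                <<"sensor-02">> => <<16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1>>},
    [{user_lookup_fun, {Fun, State}}] = psk_opts(Secrets),
    {ok, K1} = Fun(psk, <<"sensor-01">>, State),
    {ok, K2} = Fun(psk, "sensor-02", State),
    true = (K1 =/= K2),                        % each identity has its own key
    error = Fun(psk, <<"unknown">>, State),    % unlisted identity is refused
    error = Fun(srp, <<"sensor-01">>, State),  % other lookup kinds are refused
    ok.
```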
