From 5a5e4f0708262dd0b93aab0fece1bd541354c2ca Mon Sep 17 00:00:00 2001
From: Jan-Piet Mens
Date: Mon, 13 Mar 2017 17:33:20 +0100
Subject: [PATCH] support for CA_PATH and TLS client certificates closes #184 closes #159
---
 README.md | 3 +++
 recorder.c | 30 +++++++++++++++++++++++++++---
 udata.h | 3 +++
 3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 624268a..74632e3 100644
--- a/README.md
+++ b/README.md
@@ -280,6 +280,9 @@ The following configuration settings may be applied (a `Y` in column `$` means a
 | `OTR_BROWSERAPIKEY` | Y | | Google maps browser API key
 | `OTR_TOPICS` | | | String containing a space-separated list of topics to subscribe to for MQTT (overridden by command-line arguments)
 | `OTR_CAFILE` | Y | | Path to PEM-encoded CA certificate file for MQTT (implicitly enables TLS)
+| `OTR_CAPATH` | | | Directory of c_rehashed PEM certificates
+| `OTR_CERTFILE` | | | Path to PEM-encoded client certificate
+| `OTR_KEYFILE` | | | Path to PEM-encoded client key
 Note that options passed to `ot-recorder` override both configuration file settings and environment variables.
diff --git a/recorder.c b/recorder.c
index 8d77a2b..489d946 100644
--- a/recorder.c
+++ b/recorder.c
@@ -1208,6 +1208,9 @@ int main(int argc, char **argv)
 udata.clientid = NULL;
 udata.topics = NULL;
 udata.cafile = NULL;
+ udata.capath = NULL;
+ udata.certfile = NULL;
+ udata.keyfile = NULL;
 #endif
 udata.ignoreretained = TRUE;
 udata.skipdemo = TRUE;
@@ -1280,6 +1283,24 @@ int main(int argc, char **argv)
 ud->cafile = strdup(p);
 }
+ if ((p = getenv("OTR_CAPATH")) != NULL) {
+ if (ud->capath)
+ free(ud->capath);
+ ud->capath = strdup(p);
+ }
+
+ if ((p = getenv("OTR_CERTFILE")) != NULL) {
+ if (ud->certfile)
+ free(ud->certfile);
+ ud->certfile = strdup(p);
+ }
+
+ if ((p = getenv("OTR_KEYFILE")) != NULL) {
+ if (ud->keyfile)
+ free(ud->keyfile);
+ ud->keyfile = strdup(p);
+ }
+
 #endif
 if ((p = getenv("OTR_BROWSERAPIKEY")) != NULL) {
 if (ud->browser_apikey)
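Review bot: The three new getenv() blocks copy the OTR_CAFILE pattern, including an unchecked `strdup(p)`; on allocation failure ud->capath, ud->certfile or ud->keyfile silently stays NULL, which the later mosquitto_tls_set() call treats as "not configured" rather than as an error. Because these values select the trust store and the client identity, check the result where it is assigned, e.g. `if ((ud->keyfile = strdup(p)) == NULL) { perror("strdup"); exit(1); }` (or whatever the surrounding code does on fatal errors), and the same for capath and certfile. The `if (ud->capath) free(ud->capath);` guards before each assignment are redundant since free(NULL) is a no-op, but they do match the existing cafile block. The enclosing main() starts and ends outside the hunk.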
@@ -1603,9 +1624,9 @@ int main(int argc, char **argv)
 rc = mosquitto_tls_set(mosq,
 ud->cafile, /* cafile */
- NULL, /* capath */
- NULL, /* certfile */
- NULL, /* keyfile */
+ ud->capath, /* capath */
+ ud->certfile, /* certfile */
+ ud->keyfile, /* keyfile */
 NULL /* pw_callback() */
 );
 if (rc != MOSQ_ERR_SUCCESS) {
@@ -1760,6 +1781,9 @@ int main(int argc, char **argv)
 free(ud->hostname);
 if (ud->clientid) free(ud->clientid);
 if (ud->cafile) free(ud->cafile);
+ if (ud->capath) free(ud->capath);
+ if (ud->certfile) free(ud->certfile);
+ if (ud->keyfile) free(ud->keyfile);
 #endif
 return (0);
diff --git a/udata.h b/udata.h
index 8286492..d510e1d 100644
--- a/udata.h
+++ b/udata.h
@@ -23,6 +23,9 @@ struct udata {
 char *password; /* MQTT password */
 char *clientid; /* MQTT clientid */
 char *cafile; /* path to CA PEM for MQTT */
+ char *capath; /* CA path */
+ char *certfile; /* certificate (client) */
+ char *keyfile; /* client key */
 #endif
 int skipdemo; /* True if _demo users are to be skipped */
 int revgeo; /* True (default) if we should do reverse Geo lookups */
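Review bot: The new arguments allow OTR_CERTFILE to be set without OTR_KEYFILE (or the reverse), and nothing in the hunk validates the pair before mosquitto_tls_set(); libmosquitto, as far as I recall, rejects a certfile without a keyfile with MOSQ_ERR_INVAL, so the misconfiguration surfaces only through the generic rc check that follows, with no hint about which setting is missing. A check before the call makes it obvious: `if ((ud->certfile == NULL) != (ud->keyfile == NULL)) { fprintf(stderr, "OTR_CERTFILE and OTR_KEYFILE must both be set\n"); exit(1); }`. It is also not visible in the hunk whether this call is gated on ud->cafile being set; if it is, setting only OTR_CAPATH will not enable TLS, and either the gate should also consider capath or the README row for OTR_CAPATH should state that OTR_CAFILE is still required. The enclosing main() starts and ends outside the hunk.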
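Review bot: The new field comments in udata.h say less than the README rows for the same settings: `/* CA path */` could read `/* directory of c_rehashed CA PEMs for MQTT TLS (OTR_CAPATH) */`, and the certfile and keyfile comments could likewise name the PEM format and the OTR_CERTFILE / OTR_KEYFILE variables, so a reader of the header sees where each value comes from and that the three are passed to mosquitto_tls_set() together. The struct udata definition continues outside the hunk.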