add support for TLS-PSK

closes #74
This commit is contained in:
Jan-Piet Mens
2017-05-17 11:15:19 +02:00
parent 86589f5e25
commit be9e05ed24
3 changed files with 32 additions and 2 deletions


@@ -220,6 +220,8 @@ This section lists the most important options of the Recorder with their long na
`--port` is the port number of the MQTT broker and overrides `$OTR_PORT`; it defaults to 1883. Setting this to 0 disables MQTT even if it is compiled-in.
`--identity` and `--psk` define the TLS PSK identity and preshared key respectively to use in a TLS-PSK connection to Mosquitto. Note that the listener needs to be set up accordingly and that it is an error to configure `--cafile` together with these options.
`--user` overrides `$OTR_USER` and specifies the username to use in the MQTT connection.
`--qos` specifies the MQTT QoS to use; it defaults to 2.


@@ -1153,6 +1153,8 @@ void usage(char *prog)
printf(" --pubprefix -P republish prefix (dflt: no republish)\n");
printf(" --host -H MQTT host (localhost)\n");
printf(" --port -p MQTT port (1883)\n");
printf(" --psk PSK hint\n");
printf(" --identity PSK identity\n");
#endif
printf(" --logfacility syslog facility (local0)\n");
printf(" --quiet disable printing of messages to stdout\n");
@@ -1223,6 +1225,8 @@ int main(int argc, char **argv)
udata.capath = NULL;
udata.certfile = NULL;
udata.keyfile = NULL;
udata.psk = NULL;
udata.identity = NULL;
#endif
udata.ignoreretained = TRUE;
udata.skipdemo = TRUE;
@@ -1332,6 +1336,8 @@ int main(int argc, char **argv)
{ "qos", required_argument, 0, 'q'},
{ "host", required_argument, 0, 'H'},
{ "port", required_argument, 0, 'p'},
{ "psk", required_argument, 0, 20},
{ "identity", required_argument, 0, 21},
#endif /* !MQTT */
{ "storage", required_argument, 0, 'S'},
{ "logfacility", required_argument, 0, 4},
@@ -1440,6 +1446,13 @@ int main(int argc, char **argv)
if (ud->browser_apikey) free(ud->browser_apikey);
ud->browser_apikey = strdup(optarg);
break;
case 20:
ud->psk = strdup(optarg);
break;
case 21:
ud->identity = strdup(optarg);
break;
#endif
case 'D':
ud->skipdemo = FALSE;
@@ -1627,6 +1640,18 @@ int main(int argc, char **argv)
mosquitto_username_pw_set(mosq, ud->username, ud->password);
}
if (ud->psk && ud->cafile) {
olog(LOG_ERR, "Configuring TLS together with PSK is an error");
exit(2);
}
if (ud->psk && *ud->psk && ud->identity && *ud->identity) {
rc = mosquitto_tls_psk_set(mosq,
ud->psk,
ud->identity,
NULL); /* Ciphers */
}
if (ud->cafile && *ud->cafile) {
if (access(ud->cafile, R_OK) != 0) {
@@ -1655,10 +1680,11 @@ int main(int argc, char **argv)
}
olog(LOG_INFO, "connecting to MQTT on %s:%d as clientID %s %s TLS",
olog(LOG_INFO, "connecting to MQTT on %s:%d as clientID %s %s %s",
ud->hostname, ud->port,
ud->clientid,
(ud->cafile && *ud->cafile) ? "with" : "without");
((ud->cafile && *ud->cafile) || (ud->psk && *ud->psk)) ? "with" : "without",
(ud->psk && *ud->identity) ? "PSK" : "TLS");
rc = mosquitto_connect(mosq, ud->hostname, ud->port, 60);
if (rc) {
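Review bot: The return value of mosquitto_tls_psk_set() at the `rc = mosquitto_tls_psk_set(mosq,` line is stored but never checked, and rc is overwritten by mosquitto_connect() a few lines later, so when the PSK setup fails (for instance a libmosquitto built without PSK support) the client presumably still calls mosquitto_connect() and, with no cafile configured, ends up on a plain connection while the log line reports "with PSK"; add `if (rc != MOSQ_ERR_SUCCESS) { olog(LOG_ERR, "Cannot set TLS-PSK: %s", mosquitto_strerror(rc)); exit(2); }` directly after the call. The new log line in the last hunk also dereferences ud->identity without a NULL check, `(ud->psk && *ud->identity) ? "PSK" : "TLS"`, which crashes when --psk is given without --identity (the earlier guard checks both pointers); use `(ud->psk && *ud->psk) ? "PSK" : "TLS"` there instead. The usage text `--psk PSK hint` is misleading as well, since --psk carries the pre-shared key itself and the "(hint)" wording belongs to --identity as the header comment says; suggest `printf(" --psk TLS pre-shared key\n");`. Both hunks are inside main(), whose body starts and ends outside the diff.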


@@ -26,6 +26,8 @@ struct udata {
char *capath; /* CA path */
char *certfile; /* certificate (client) */
char *keyfile; /* client key */
char *identity; /* PSK identity (hint) */
char *psk; /* PSK */
#endif
int skipdemo; /* True if _demo users are to be skipped */
int revgeo; /* True (default) if we should do reverse Geo lookups */