[CIT-122] A library to build MQTT client #11

Merged
didier-wenzek merged 1 commit into thin-edge:main from didier-wenzek:feature/CIT-122/MQTT-Client-Library
Dec 22, 2020

@didier-wenzek didier-wenzek commented Dec 18, 2020

[CIT-122] Cargo fmt
[CIT-122] Improve naming
[CIT-122] Remove magic number
[CIT-122] Spawn a task for `publish_temperature`
[CIT-122] Use futures_timer::Delay instead of tokio::sleep
[CIT-122] Use futures::select!
[CIT-122] Avoid to redefine variables
[CIT-122] Rearrange imports
[CIT-122] Remove unused file
[CIT-122] Fix error handling
[CIT-122] Fix typo and error messages
[CIT-122] Clean required tokio's features list
[CIT-122] Removing author from cargo
[CIT-122] Use `log` instead of `println`
[CIT-122] Upgrade to rumqttc 0.3
[CIT-122] Fix system tests
[CIT-122] Add first integration test
[CIT-122] Document the API
[CIT-122] Refactore example `temperature_publisher`
[CIT-122] Check topic name and filter validity
[CIT-122] Break the event loop on disconnect
[CIT-122] Treat error receiver lag as an error
[CIT-122] Publish the internal MQTT errors on a stream
[CIT-122] First working version
[CIT-122] Initial API

@didier-wenzek
Contributor Author

I somehow messed up the log history of my PR (it seems I should have used a git push --force on my main repo after a rebase from the softwareag repo).

Here is a new PR which overrides thin-edge/pull/7


@ChrisGreenaway ChrisGreenaway left a comment

Team needs PR approved, so approving despite one of the builds not running.

@didier-wenzek didier-wenzek merged commit 074b1fc into thin-edge:main Dec 22, 2020
@didier-wenzek didier-wenzek deleted the feature/CIT-122/MQTT-Client-Library branch January 5, 2021 11:35
github-merge-queue bot pushed a commit that referenced this pull request Apr 23, 2025
feat: Key selection using PKCS #11 URI
@Bravo555 Bravo555 mentioned this pull request Oct 6, 2025
12 tasks
github-merge-queue bot pushed a commit that referenced this pull request Oct 13, 2025
Parse "pin-value" query attribute if it's present in a PKCS 11 URI.

RFC7512 specifies a "pin-value" query attribute that can be used to
provide the PIN value, which we can use to pass it in the request.

Because it is sensitive, there are security considerations, of interest
to us being this part of the RFC:

> Section 7.5 of [RFC3986] applies since a PKCS #11 URI may be used in
> world-readable command-line arguments to run applications, stored in
> public configuration files, or otherwise used in clear text.  For
> that reason, the "pin-value" attribute should only be used if the URI
> string itself is protected with the same level of security as the
> token PIN itself otherwise is.

In our case, the challenge is in not showing up these values in the
logs. On tedge-p11-server side as soon as we're parsing URI we can put
it in a secrecy wrapper, to not be able to print it from then on, but
there's nothing preventing printing the value before it's parsed on the
server, or on the client making the request.

Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>
github-merge-queue bot pushed a commit that referenced this pull request Oct 13, 2025
Allows the user to provide a PIN value to be used when logging into
PKCS11 token as a query attribute in the URI, e.g. when the following
value is set as `device.key_uri`:

pkcs11:token=mytoken;object=mykey?pin-value=my-pin

tedge-p11-server will attempt to login to the token using `my-pin`
instead of the default PIN tedge-p11-server was started with.

Because it is sensitive, there are security considerations, of interest
to us being this part of the RFC:

> Section 7.5 of [RFC3986] applies since a PKCS #11 URI may be used in
> world-readable command-line arguments to run applications, stored in
> public configuration files, or otherwise used in clear text.  For
> that reason, the "pin-value" attribute should only be used if the URI
> string itself is protected with the same level of security as the
> token PIN itself otherwise is.

In our case, the challenge is in not showing up these values in the
logs. On tedge-p11-server side as soon as we're parsing URI we can put
it in a secrecy wrapper, to not be able to print it from then on, but
there's nothing preventing printing the value before it's parsed on the
server, or on the client making the request.

Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>
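
The handling both commit messages above describe (taking `pin-value` out of the `device.key_uri` query and keeping it out of logs), as an added example that is not tedge-p11-server's code. `Pin`, `KeyUri`, `parse_key_uri` and `redact_for_log` are hypothetical names, `Pin` is a std-only stand-in for a secrecy wrapper, and percent-decoding of the value is left out:

```rust
use std::fmt;

/// Hypothetical std-only stand-in for a secrecy wrapper: `Debug` never shows the PIN.
pub struct Pin(String);

impl Pin {
    pub fn expose(&self) -> &str {
        &self.0 // explicit access, meant only for the token login call
    }
}

impl fmt::Debug for Pin {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Pin([REDACTED])")
    }
}

#[derive(Debug)]
pub struct KeyUri {
    pub path: String, // path attributes, e.g. "token=mytoken;object=mykey"
    pub pin: Option<Pin>,
}

/// Split a PKCS #11 URI into path and query; "pin-value" goes straight into `Pin`.
pub fn parse_key_uri(uri: &str) -> Result<KeyUri, &'static str> {
    let rest = uri.strip_prefix("pkcs11:").ok_or("not a pkcs11 URI")?;
    let (path, query) = rest.split_once('?').unwrap_or((rest, ""));
    let pin = query
        .split('&')
        .filter_map(|attr| attr.split_once('='))
        .find(|(name, _)| *name == "pin-value")
        .map(|(_, value)| Pin(value.to_string()));
    Ok(KeyUri { path: path.to_string(), pin })
}

/// Mask "pin-value" in a raw URI string, for code paths that log before parsing.
pub fn redact_for_log(uri: &str) -> String {
    let Some((head, query)) = uri.split_once('?') else {
        return uri.to_string();
    };
    let attrs: Vec<String> = query.split('&').map(|attr| match attr.split_once('=') {
        Some(("pin-value", _)) => "pin-value=[REDACTED]".to_string(),
        _ => attr.to_string(),
    }).collect();
    format!("{}?{}", head, attrs.join("&"))
}

fn main() {
    let raw = "pkcs11:token=mytoken;object=mykey?pin-value=my-pin"; // URI from the commit message
    println!("{}\n{:?}", redact_for_log(raw), parse_key_uri(raw));
}
```

`redact_for_log` covers the gap the commit message points out: the raw string can still be printed on the client, or on the server before parsing, so any log call that takes the unparsed URI needs the masked form.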