Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers like the Arduino. A good example of this is all of the work that Andy Stanford-Clark (one of the originators of MQTT) has done in home monitoring and automation with his twittering house and twittering ferry. Andy gave a talk on this at OggCamp that explains a bit about MQTT and how he uses it. The slides and audio are available online at slideshare.

test6.mosquitto.org

Thanks to a short discussion on irc, test6.mosquitto.org now exists. This is a DNS entry that points to the same address as test.mosquitto.org, but only with an AAAA record. This means that test6.mosquitto.org can be used to test clients using IPv6 and to be sure that IPv6 is actually being used.

Version 1.4.7 released

This is a bugfix release. The changes below include the changes for 1.4.6, which wasn’t announced.

Broker

  • Add support for libwebsockets 1.6.

Client library

  • Fix _mosquitto_socketpair() on Windows, reducing the chance of delays when
    publishing. Closes #483979.

Clients

  • Fix “mosquitto_pub -l” stripping the final character on a line. Closes
    #483981.

If you want to use TLS certificates you’ve generated using the Let’s Encrypt service, this is how you should configure your listener (replace “example.com” with your own domain of course):

First you need a copy of the root certificate. This will either be the ISRG Root X1, or IdenTrust DST Root CA X3. You need to check which of these root CAs signed the intermediate certificate you are using:

openssl x509 -in /etc/letsencrypt/live/example.com/chain.pem -noout -issuer

If your intermediate was issued by the ISRG root then use:

wget https://letsencrypt.org/certs/isrgrootx1.pem

Otherwise you should go to https://www.identrust.com/certificates/trustid/root-download-x3.html to get the DST root certificate. Open a text editor, and paste the contents from that link, surrounding the text with the BEGIN and END lines as below:

-----BEGIN CERTIFICATE-----

pasted content goes here

-----END CERTIFICATE-----

Then, each time after your script to automatically generate your certificates runs you should also run:

cat /etc/letsencrypt/live/example.com/chain.pem /etc/letsencrypt/<your root>.pem > /etc/letsencrypt/live/example.com/chain-ca.pem

Then use the following for your mosquitto.conf:

listener 8883
cafile /etc/letsencrypt/live/example.com/chain-ca.pem
certfile /etc/letsencrypt/live/example.com/cert.pem
keyfile /etc/letsencrypt/live/example.com/privkey.pem

You need to be aware that current versions of mosquitto never update listener settings when running, so when you regenerate the server certificates you will need to completely restart the broker.

Version 1.4.5 released

This is a bugfix release:

Broker

  • Fix possible memory leak if bridge using SSL attempts to connect to a host that is not up.
  • Free unused topic tree elements (fix in 1.4.3 was incomplete). Closes
    #468987.

Clients

  • “mosquitto_pub -l” now no longer limited to 1024 byte lines. Closes #478917.

Version 1.4.4 released

This is a bugfix release.

  • Don’t leak sockets when outgoing bridge with multiple addresses cannot connect. Closes #477571.
  • Fix cross compiling of websockets. Closes #475807.
  • Fix memory free related crashes on openwrt and FreeBSD. Closes #475707.
  • Fix excessive calls to message retry check.

Version 1.4.3 released

This is a bugfix release.

Broker

  • Fix incorrect bridge notification on initial connection. Closes #467096.
  • Build fixes for OpenBSD.
  • Fix incorrect behaviour for autosave_interval, most noticable for autosave_interval=1. Closes #465438.
  • Fix handling of outgoing QoS>0 messages for bridges that could not be sent because the bridge connection was down.
  • Free unused topic tree elements. Closes #468987.
  • Fix some potential memory leaks. Closes #470253.
  • Fix potential crash on libwebsockets error.

Client library

  • Add missing error strings to mosquitto_strerror.
  • Handle fragmented TLS packets without a delay. Closes #470660.
  • Fix incorrect loop timeout being chosen when using threaded interface and keepalive = 0. Closes #471334.
  • Increment inflight messages count correctly. Closes #474935.

Clients

  • Report error string on connection failure rather than error code.

The current unreleased libwebsockets master branch defines the VERSION macro in its header files. I believe this to be a bug in libwebsockets.

This bug causes compilation of mosquitto with websockets support to fail.

Please use a released version of libwebsockets, either 1.2, 1.3 or 1.4. Mosquitto will compile with all of these versions.

I do not recommend using an unreleased version of libwebsockets, the project is not shy about making ABI/API incompatible changes between releases so it is impractical to provide support for.

Version 1.4.2 released

This is a bugfix release.

Broker

  • Fix bridge prefixes only working for the first outgoing message. Closes #464437.
  • Fix incorrect bridge connection notifications on local broker.
  • Fix persistent db writing on Windows. Closes #464779.
  • ACLs are now checked before sending a will message.
  • Fix possible crash when using bridges on Windows. Closes #465384.
  • Fix parsing of auth_opt_ arguments with extra spaces/tabs.
  • Broker will return CONNACK rc=5 when a username/password is not authorised. This was being incorrectly set as rc=4.
  • Fix handling of payload lengths>4096 with websockets.

Client library

  • Inflight message count wasn’t being decreased for outgoing messages using QoS 2, meaning that only up to 20 QoS 2 messages could be sent. This has been fixed. Closes #464436.
  • Fix CMake dependencies for C++ wrapper building. Closes #463884.
  • Fix possibility of select() being called with a socket that is >FD_SETSIZE. This is a fix for #464632 that will be followed up by removing the select() call in a future version.
  • Fix calls to mosquitto_connect*_async() not completing.

Version 1.4.1 released

This is a bugfix and security release. Users of mosquitto 1.4 are strongly advised to upgrade. Upgrading from earlier versions is recommended but not as important.

Broker

  • Fix possible crash under heavy network load. Closes #463241. This bug only affects version 1.4.
  • Fix possible crash when using pattern ACLs.
  • Fix problems parsing config strings with multiple leading spaces. Closes #462154.
  • Websockets clients are now periodically disconnected if they have not maintained their keepalive timer. Closes #461619.
  • Fix possible minor memory leak on acl parsing.

Client library

  • Inflight limits should only apply to outgoing messages. Closes #461620.
  • Fix reconnect bug on Windows. Closes #463000.
  • Return -1 on error from mosquitto_socket(). Closes #461705.
  • Fix crash on multiple calls to mosquitto_lib_init/mosquitto_lib_cleanup. Closes #462780.
  • Allow longer paths on Windows. Closes #462781.
  • Make _mosquitto_mid_generate() thread safe. Closes #463479.

Version 1.4 released

This is a feature release and is also the first release of the mosquitto project from the Eclipse Foundation umbrella. The code is now dual licenced under the EPL/EDL. The EDL and BSD 3 clause license are essentially identical so if you were happy with the BSD license then you should be happy with the EDL.

Files distributed will remain in the same place but will in some cases also be available on the Eclipse download servers.

Important changes

  • Websockets support in the broker.
  • Bridge behaviour on the local broker has changed due to the introduction of the local_* options. This may affect you if you are using authentication  and/or ACLs with bridges.
  • The default TLS behaviour has changed to accept all of TLS v1.2, v1.1 and v1.0, rather than only one version of the protocol. It is still possible to restrict a listener to a single version of TLS.
  • The Python client has been removed now that the Eclipse Paho Python client has had a release.
  • When a durable client reconnects, its queued messages are now checked against ACLs in case of a change in username/ACL state since it last connected.
  • New use_username_as_clientid option on the broker, for preventing hijacking of a client id.
  • The client library and clients now have experimental SOCKS5 support.
  • Wildcard TLS certificates are now supported for bridges and clients.
  • The clients have support for config files with default options.
  • Client and client libraries have support for MQTT v3.1.1.
  • Bridge support for MQTT v3.1.1.

Broker

  • Websockets support in the broker.
  • Add local_clientid, local_username, local_password for bridge connections to authenticate to the local broker.
  • Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
  • Support for ECDHE-ECDSA family ciphers.
  • Fix bug #1324411, which could have had unexpected consequences for delayed messages in rare circumstances.
  • Add support for “session present” in CONNACK messages for MQTT v3.1.1.
  • Remove strict protocol #ifdefs.
  • Change $SYS/broker/clients/active -> $SYS/broker/clients/connected
  • Change $SYS/broker/clients/inactive -> $SYS/broker/clients/disconnected
  • When a durable client reconnects, its queued messages are now checked against ACLs in case of a change in username/ACL state since it last connected.
  • libuuid is used to generate client ids, where it is available, when an MQTT v3.1.1 client connects with a zero length client id.
  • Anonymous clients are no longer accidently disconnected from the broker after a SIGHUP.
  • mosquitto_passwd now supports -b (batch mode) to allow the password to be provided at the command line.
  • Removed $SYS/broker/changeset. This was intended for use with debugging, but in practice is of no use.
  • Add support for use_username_as_clientid which can be used with authentication to restrict ownership of client ids and hence prevent one client disconnecting another by using the same client id.
  • When “require_certificate” was false, the broker was incorrectly asking for a certificate (but not checking it). This caused problems with some clients and has been fixed so the broker no longer asks.
  • When using syslog logging on non-Windows OSs, it is now possible to specify the logging facility to one of local0-7 instead of the default “daemon”.
  • The bridge_attempt_unsubscribe option has been added, to allow the sending of UNSUBSCRIBE requests to be disabled for topics with “out” direction. Closes bug #456899.
  • Wildcard TLS certificates are now supported for bridges.
  • Support for “hour” client expiration lengths for the persistent_client_expiration option. Closes bug #425835.
  • Bridge support for MQTT v3.1.1.
  • Root privileges are now dropped after starting listeners and loading certificates/private keys, to allow private keys to have their permissions restricted to the root user only. Closes bug #452914.
  • Usernames and topics given in ACL files can now include a space. Closes bug #431780.
  • Fix hang if pattern acl contains a %u but an anonymous client connect. Closes bug #455402.
  • Fix man page installation with cmake. Closes bug #458843.
  • When using “log_dest file” the output file is now flushed periodically.

Clients

  • Both clients can now load default configuration options from a file.
  • Add -C option to mosquitto_sub to allow the client to quit after receiving a certain count of messages. Closes bug #453850.
  • Add –proxy SOCKS5 support for both clients.
  • Pub client supports setting its keepalive. Closes bug #454852.
  • Add support for config files with default options.
  • Add support for MQTT v3.1.1.

Client library

  • Add experimental SOCKS5 support.
  • mosquitto_loop_forever now quits after a fatal error, rather than blindly retrying.
  • SRV support is now not compiled in by default.
  • Wildcard TLS certificates are now supported.
  • mosquittopp now has a virtual destructor. Closes bug #452915.
  • Add support for MQTT v3.1.1.
  • Don’t quit mosquitto_loop_forever() if broker not available on first connect. Closes bug #453293, but requires more work.

Dependencies

This release introduces two new dependencies, libwebsockets and libuuid. Both are optional. libuuid comes from the e2fsprogs project and allows the broker to generate random client ids for MQTT v.3.1.1. The libwebsockets dependency can use either libwebsockets 1.3 or 1.2.x, with 1.3 being the preferred choice.