Mosquitto is an open source (BSD licensed) message broker that implements the MQ Telemetry Transport protocol version 3.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers like the Arduino. A good example of this is all of the work that Andy Stanford-Clark (one of the originators of MQTT) has done in home monitoring and automation with his twittering house and twittering ferry. Andy gave a talk on this at OggCamp that explains a bit about MQTT and how he uses it. The slides and audio are available online at slideshare.

Version 1.3.2 released

This is a security and bugfix release.

Security

A bug in the way that mosquitto handles authentication plugins has been identified. When using a plugin for authentication purposes, if the plugin returns MOSQ_ERR_UNKNOWN when making an authentication check, as might happen if a database was unavailable for example, then mosquitto incorrectly treats this as a successful authentication. This has the potential for unauthorised clients to access the running mosquitto broker and gain access to information to which they are not authorised. This is an important update for users of authentication plugins in mosquitto.

Broker

  • Don’t allow access to clients when authenticating if a security plugin returns an application error. Fixes bug #1340782.
  • Ensure that bridges verify certificates by default when using TLS.
  • Fix possible crash when using pattern ACLs that do not include a %u and clients that connect without a username.
  • Fix subscriptions being deleted when clients subscribed to a topic beginning with a $ but that is not $SYS.
  • When a durable client reconnects, its queued messages are now checked against ACLs in case of a change in username/ACL state since it last connected.
  • Anonymous clients are no longer accidently disconnected from the broker after a SIGHUP.
  • Fix bug #1324411, which could have had unexpected consequences for delayed messages in rare circumstances.

Client library

  • Fix topic matching edge case.
  • Fix callback deadlocks after calling mosquitto_disconnect(), when using the threaded interfaces. Closes bug #1313725.
  • Fix SRV support when building with CMake.

General

  • Use $(STRIP) for stripping binaries when installing, to allow easier cross compilation.

New arrival

I’m pleased to say that I’m a new father again. My 7lb 12 (3.57kg) boy arrived today and is quite happy, as is his mother.

Apologies to anybody who has emailed me recently and I’ve not yet replied – this is the main reason!

14098345978_c15d12f19a_z

Version 1.3.1 released

This is a bugfix release:

Broker

  • Prevent possible crash on client reconnect. Closes bug #1294108.
  • Don’t accept zero length unsubscription strings (MQTT v3.1.1 fix)
  • Don’t accept QoS 3 (MQTT v3.1.1 fix)
  • Don’t disconnect clients immediately on HUP to give chance for all data to be read.
  • Reject invalid un/subscriptions e.g. foo/+bar #/bar.
  • Take more care not to disconnect clients that are sending large messages.

Client library

  • Fix socketpair code on the Mac.
  • Fix compilation for WITH_THREADING=no.
  • Break out of select() when calling mosquitto_loop_stop().
  • Reject invalid un/subscriptions e.g. foo/+bar #/bar.

Clients

  • Fix keepalive value on mosquitto_pub.
  • Fix possibility of mosquitto_pub not exiting after sending messages when using -l.

Version 1.3 released

This is a feature and bugfix release. It is the final release, with the possible exception of bugfixes, outside of the Eclipse mosquitto project. The main reason for this release is to bring support for the current MQTT v3.1.1 draft ahead (just) of the MQTT interoperability testing day.

Broker

  • The broker no longer ignores the auth_plugin_init() return value.
  • Accept SSLv2/SSLv3 HELLOs when using TLSv1, whilst keeping SSLv2 and SSLv3 disabled. This increases client compatibility without sacrificing security.
  • The $SYS tree can now be disabled at runtime as well as at compile time.
  • When remapping bridged topics, only check for matches when the message direction is correct. This allows two identical topics to be remapped differently for both in and out.
  • Change “$SYS/broker/heap/current size” to “$SYS/broker/heap/current” for easier parsing.
  • Change “$SYS/broker/heap/maximum size” to “$SYS/broker/heap/maximum” for easier parsing.
  • Topics are no longer normalised from e.g a///topic to a/topic. This matches the behaviour as clarified by the Oasis MQTT spec. This will lead to unexpected behaviour if you were using topics of this form.
  • Log when outgoing messages for a client begin to drop off the end of the queue.
  • Bridge clients are recognised as bridges even after reloading from persistence.
  • Basic support for MQTT v3.1.1. This does not include being able to bridge to an MQTT v3.1.1 broker.
  • Username is displayed in log if present when a client connects.
  • Support for 0 length client ids (v3.1.1 only) that result in automatically generated client ids on the broker (see option allow_zero_length_clientid).
  • Ability to set the prefix of automatically generated client ids (see option auto_id_prefix).
  • Add support for TLS session resumption.
  • When using TLS, the server now chooses the cipher to use when negotiating with the client.
  • Weak TLS ciphers are now disabled by default.

Client library

  • Fix support for Python 2.6, 3.0, 3.1.
  • Add support for un/subscribing to multiple topics at once in un/subscribe().
  • Clients now close their socket after sending DISCONNECT.
  • Python client now contains its version number.
  • C library mosquitto_want_write() now supports TLS clients.
  • Fix possible memory leak in C/C++ library when communicating with a broker that doesn’t follow the spec.
  • Return strerror() through mosquitto_strerror() to make error printing easier.
  • Topics are no longer normalised from e.g a///topic to a/topic. This matches the behaviour as clarified by the Oasis MQTT spec. This will lead to unexpected behaviour if you were using topics of this form.
  • Add support for SRV lookups.
  • Break out of select() on publish(), subscribe() etc. when using the threaded interface. Fixes bug #1270062.
  • Handle incoming and outgoing messages separately. Fixes bug #1263172.
  • Don’t terminate threads on mosquitto_destroy() when a client is not using the threaded interface but does use their own thread. Fixes bug #1291473.

Clients

  • Add –ciphers to allow specifying which TLS ciphers to support.
  • Add support for SRV lookups.
  • Add -N to sub client to suppress printing of EOL after the payload.
  • Add -T to sub client to suppress printing of a topic hierarchy.

Paho MQTT Python Client

The Mosquitto Python client was donated to the Eclipse Paho project in June of this year. As mosquitto.py has been very popular, I have been maintaining both code bases together.

With the Mosquitto project also moving to Eclipse it is now even more redundant to keep maintaining mosquitto.py so I would like to recommend that everybody currently using mosquitto.py move over to using the Paho Python client.

The current state of the Paho client is now available on pypi and can be installed using “pip install paho-mqtt”.

To port code from mosquitto.py, you should change:

import mosquitto
mqttc = mosquitto.Mosquitto()

to:

import paho.mqtt.client as paho
mqttc = paho.Client()

All error codes e.g. MOSQ_ERR_SUCCESS change to MQTT_ERR_SUCCESS.

The Paho module has a compatibility Mosquitto class that means a very simple (but not recommended for the long term) port can be achieved with the following line, assuming none of the error codes are used:

import paho.mqtt.client as mosquitto

I will keep applying updates to mosquitto.py until the Paho 1.0 release.

Version 1.2.3 released

In time for the second day of Thingmonk, which I regret not being able to go to, version 1.2.3 of mosquitto is released. This is a bugfix release.

All components

Broker

  • Don’t always attempt to call read() for SSL clients, irrespective of whether they were ready to read or not. Reduces syscalls significantly.
  • Possible memory leak fixes.
  • Further fix for bug #1226040: multiple retained messages being delivered for subscriptions ending in #.
  • Fix bridge reconnections when using multiple bridge addresses.

Client library

  • Fix possible memory leak in C/C++ library when communicating with a broker that doesn’t follow the spec.
  • Block in Python loop_stop() until all messages are sent, as the documentation states should happen.
  • Fix for asynchronous connections on Windows. Closes bug #1249202.
  • Module version is now available in mosquitto.py.

Clients

  • mosquitto_sub now uses fwrite() instead of printf() to output messages, so messages with NULL characters aren’t truncated.

Version 1.2.2 released

This is a bugfix release:

Broker

  • Fix compliance with max_inflight_messages when a non-clean session client reconnects. Closes one of the issues on bug #1237389.

Client library

  • Fix incorrect inflight message accounting, which caused messages to go unsent. Partial fix for bug #1237351.
  • Fix potential memory corruption when sending QoS>0 messages at a high rate using the threaded interface. Further fix for #1237351.
  • Fix incorrect delay scaling when exponential_backoff=true in mosquitto_reconnect_delay_set().
  • Some pep8 fixes for Python.

Version 1.2.1 released

This is a bugfix release.

Broker:

  • The broker no longer ignores the auth_plugin_init() return value. Closes  bug #1215084.
  • Use RTLD_GLOBAL when opening authentication plugins on posix systems. Fixes resolving of symbols in libraries used by authentication plugins.
  • Add/fix some config documentation.
  • Fix ACLs for topics with $SYS.
  • Clients loaded from the persistence file on startup were not being added to the client hash, causing subtle problems when the client reconnected, including ACLs failing. This has been fixed.
  • Add note to mosquitto-tls man page stating that certificates need to be unique. Closes bug #1221285.
  • Fix incorrect retained message delivery when using wildcard subs in some circumstances. Fixes bug #1226040.

Client library

  • Fix support for Python 2.6, 3.0, 3.1.
  • Fix TLS subjectAltName verification and segfaults.
  • Handle EAGAIN in Python on Windows. Closes bug #1220004.
  • Fix compilation when using WITH_TLS=no.
  • Don’t fail reconnecting in Python when broker is temporarily unavailable.

mqtt-watchdir

Recursively watch a directory for modifications and publish file content to an MQTT broker

mqtt-watchdir is a Python program by Jan-Piet Mens  to watch a directory and publish new or modified files in that directory hierarchy to an MQTT broker, using a matching topic. Source and instructions are available at https://github.com/jpmens/mqtt-watchdir and it is also available via pypi.

It is a similar idea to my mqttfs fuse filesystem, but ultimately implemented in a better (and portable) manner.

Mosquitto on Fedora

Mosquitto has been packaged for Fedora thanks to Rich Mattes. Fedora 19 users will be able to install with “yum install mosquitto”.

Thanks Rich!