Archive for 'Uncategorized'

Seeking sponsorship

The mosquitto project has,  or can get, access to a wide variety of different systems to help with development. One important platform for which this is not true is Mac OS X. There are sufficient differences between Macs and other systems that this makes life difficult.

To this end, I would like to reach out to the mosquitto community to ask for help with obtaining either

  • A remote login on a Mac system
  • Donation of hardware
  • Donation of money to buy some hardware

I have been offered a remote account by a few individuals in the past, for which I’m very grateful, but only on a short term basis and, understandably, with limited control. Something on a longer term, with the ability to install packages would be much more useful. Unfortunately I realise this is relatively difficult to offer.

On the hardware side of things, there isn’t a need for a modern, powerful computer. A second hand Mac Mini of Core2Duo vintage with 1GB RAM and a reasonably modern version of Mac OS X would be quite sufficient, and ideal for me in terms of the space it takes up. Regrettably I feel I would have to turn down offers of an old iMac or Mac Pro.

2007-era Mac Minis go on Ebay UK for around £100. I’m hopeful that there is a company out there using mosquitto, likes Macs and for whom £100 would be a drop in the ocean. If so, or any individuals want to help out with a small donation towards this, please get in touch directly to or head over to the downloads page to see the paypal donation link, and thanks very much in advance.


I have now awaiting delivery of a Mac mini. Thanks very much to all of you that have contributed, it is very much appreciated. If you would still like to support mosquitto development please don’t let this put you off…

Version 1.3.4 introduced the change that when using TLS with require_certificate set to false, the client is no longer asked for a client certificate. This seemed to be causing problems in some situations, particularly with embedded devices.

If use_identity_as_username is set to true when require_certificate is set to false, then the client will not be asked for a certificate, even if it has one configured. This means that the client will be refused access with connack code 4, “bad username or password”, because if use_identity_as_username currently requires that a certificate is present, even if allow_anonymous is set to true.

This change may cause unexpected results, but does not represent a security flaw because the change results in more clients being rejected than would otherwise have been.

Version 1.3.4 released

This is a bugfix release. The reason for the rapid release of the past two versions is down to a Debian developer reviewing the mosquitto package. This is a good opportunity to ensure that as bug free a version as possible is present in Debian.


  • Don’t ask client for certificate when require_certificate is false.
  • Backout incomplete functionality that was incorrectly included in 1.3.2.

Binaries will follow shortly.

Paho MQTT Python Client

The Mosquitto Python client was donated to the Eclipse Paho project in June of this year. As has been very popular, I have been maintaining both code bases together.

With the Mosquitto project also moving to Eclipse it is now even more redundant to keep maintaining so I would like to recommend that everybody currently using move over to using the Paho Python client.

The current state of the Paho client is now available on pypi and can be installed using “pip install paho-mqtt”.

To port code from, you should change:

import mosquitto
mqttc = mosquitto.Mosquitto()


import paho.mqtt.client as paho
mqttc = paho.Client()

All error codes e.g. MOSQ_ERR_SUCCESS change to MQTT_ERR_SUCCESS.

The Paho module has a compatibility Mosquitto class that means a very simple (but not recommended for the long term) port can be achieved with the following line, assuming none of the error codes are used:

import paho.mqtt.client as mosquitto

I will keep applying updates to until the Paho 1.0 release.

Version 1.2.3 released

In time for the second day of Thingmonk, which I regret not being able to go to, version 1.2.3 of mosquitto is released. This is a bugfix release.

All components


  • Don’t always attempt to call read() for SSL clients, irrespective of whether they were ready to read or not. Reduces syscalls significantly.
  • Possible memory leak fixes.
  • Further fix for bug #1226040: multiple retained messages being delivered for subscriptions ending in #.
  • Fix bridge reconnections when using multiple bridge addresses.

Client library

  • Fix possible memory leak in C/C++ library when communicating with a broker that doesn’t follow the spec.
  • Block in Python loop_stop() until all messages are sent, as the documentation states should happen.
  • Fix for asynchronous connections on Windows. Closes bug #1249202.
  • Module version is now available in


  • mosquitto_sub now uses fwrite() instead of printf() to output messages, so messages with NULL characters aren’t truncated.

Version 1.2 near complete

With the most recent commit, “Implement TLSv1.2 and TLSv1.1 support,” everything that is planned for version 1.2 has been completed. If you haven’t tried it out yet, now would be a good time to take a look.

Before the release is finalised, there still needs to be more testing done, particularly on Windows. If you use another platform than Windows or Linux, I’d be interested to hear if you have any problems with the 1.2 code. I will also be updating the packaging for all of the binaries that I build or contribute to directly, so there is still time for bug reports.

You can get a copy of the source at one of the links below, or through the mercurial repository directly on the 1.2 branch.

It’s been a while since there has been an update here, so in lieu of one here are some interesting links I’ve come across recently. Add a comment to the post if you’ve done something cool not mentioned here! Work progresses on mosquitto 1.2.

Initial release of an MQTT-S gateway, written in ruby:

And some MQTT-S tools:

A Pinoccio/MQTT/sensor powered Theramin:

Voice controlled MQTT LED:

An MQTT notification plugin for Jenkins/Hudson:

Version 1.1.3 released

This is a minor bugfix release that addresses some problems identified during Debian packaging.


  • mosquitto_passwd utility now uses tmpfile() to generate its temporary data storage file. It also creates a backup file that can be used to recover data if an errors occur.


  • Build script fixes to help packaging on Debian.


Version 1.1.1 released

This is a bugfix release.


  • Fix crash on reload if using acl patterns.

Client library

  • Fix static C++ functions not being exported on Windows. Fixes bug #1098256.

Binaries should be available shortly.

Version 1.1 released

This is a feature and bugfix release.


  • Add $SYS/broker/messages/dropped
  • Add $SYS/broker/clients/expired
  • Replace $SYS/broker/+/per second/+ with moving average versions published at $SYS/broker/load/#
  • Add $SYS/broker/load/sockets/+ and $SYS/broker/load/connections/+
  • Documentation on password file format has been fixed.
  • Disable SSL compression. This reduces memory usage significantly and removes the possibility of CRIME type attacks.
  • Enable SSL_MODE_RELEASE_BUFFERS mode to reduce SSL memory usage further.
  • Add allow_duplicate_messages option.
  • ACL files can now have comment lines with # as the first character.
  • Display message on startup about which config is being loaded.
  • Fix max_inflight_messages and max_queued_messages not being applied.
  • Fix documentation error in mosquitto.conf.
  • Ensure that QoS 2 queued messages are sent out in a timely manner.
  • Local bridges now act on clean_session correctly.
  • Local bridges with clean_session==false now remove unused subscriptions on broker restart.
  • The $SYS/broker/heap/# messages now no longer include “bytes” as part of the string for ease of use.

Client library

  • Free memory used by OpenSSL in mosquitto_lib_cleanup() where possible.
  • Change WebSocket subprotocol name to mqttv3.1 to make future changes easier and for compatibility with other implementations.
  • mosquitto_loop_read() and mosquitto_loop_write() now handle errors themselves rather than having mosquitto_loop() handle their errors. This makes using them in a separate event loop more straightforward.
  • Add mosquitto_loop_forever() / loop_forever() function call to make simple clients easier.
  • Disable SSL compression. This reduces memory usage significantly and removes the possibility of CRIME type attacks.
  • Enable SSL_MODE_RELEASE_BUFFERS mode to reduce SSL memory usage further.
  • mosquitto_tls_set() will now return an error or raise an exception immediately if the CA certificate or client certificate/key cannot be accessed.
  • Fix potential memory leaks on connection failures.
  • Don’t produce return error from mosquitto_loop() if a system call is interrupted. This prevents disconnects/reconnects in threaded mode and simplifies non-threaded client handling.
  • Ignore SIGPIPE to prevent unnecessary client quits in threaded mode.
  • Fix document error for mosquitto_message_retry_set().
  • Fix mosquitto_topic_matches_sub() for subscriptions with + as the final character. Fixes bug #1085797.
  • Rename all “obj” parameters to “userdata” for consistency with other libraries.
  • Reset errno before network read/write to ensure EAGAIN isn’t mistakenly returned.
  • The message queue length is now tracked and used to determine the maximum number of packets to process at once. This removes the need for the max_packets parameter which is now unused.
  • Fix incorrect error value in Python error_string() function. Fixes bug #1086777.
  • Reset last message in/out timer in Python module when we send a PINGREQ. Fixes too-early disconnects.


  • Clients now display their own version number and library version number in their help messages.
  • Fix “mosquitto_pub -l -q 2″ disconnecting before all messages were transmitted.
  • Fix potential out-of-bounds array access with client ids. Fixes bug #1083182.


  • mosquitto_passwd can now convert password files with plain text files to hashed versions.