
feat(tls): add AWS IoT Core support via --ca, --alpn, and --qos options #195

Open
bluebeeryale wants to merge 1 commit into EdJoPaTo:main from bluebeeryale:fix-aws-iot-connection

@bluebeeryale

First-time contributor here. Happy to adjust anything based on feedback. Claude Code did the work here with my prompting as I don't know Rust.

Summary

Adds support for connecting to AWS IoT Core and other brokers that require:

  • Custom CA certificates (instead of system cert store)
  • TLS ALPN protocol negotiation
  • QoS levels other than 2

Changes

  • --ca <FILEPATH> - Specify CA certificate file for broker verification
  • --alpn <PROTOCOL> - Set TLS ALPN protocol (e.g., "mqtt" for AWS IoT)
  • --qos <LEVEL> - Configure QoS level (0, 1, or 2) for interactive mode

Backward Compatibility

  • Default QoS remains 2 for interactive mode
  • Subcommands (log, read-one, publish, clean-retained) retain original behavior
  • No changes required for existing users

AWS IoT Core Usage

mqttui \
  --broker mqtts://your-endpoint.iot.region.amazonaws.com:8883 \
  --ca AmazonRootCA1.pem \
  --client-cert device-cert.pem \
  --client-private-key device-key.pem \
  --alpn mqtt \
  --qos 1 \
  'your/topic/#'

Note: AWS IoT Core does not support QoS 2. The interactive mode now shows a helpful hint when
connection is closed, suggesting --qos 1.

Test plan

- Builds without warnings (cargo build)
- All tests pass (cargo test)
- Clippy clean (cargo clippy)
- Tested with AWS IoT Core endpoint
- Verified backward compatibility (existing commands work unchanged)

- Add --ca option to specify CA certificate file for broker verification
- Add --alpn option for TLS ALPN protocol negotiation (e.g., "mqtt")
- Add --qos option to configure QoS level (0, 1, or 2) for interactive mode
- Add helpful error hint when connection is closed, suggesting --qos 1

The --qos option only affects the interactive TUI mode. Other subcommands
(log, read-one, publish, clean-retained) retain their original behavior.
Default QoS remains 2 for backward compatibility.

AWS IoT Core requires ALPN and does not support QoS 2. Typical usage:
  mqttui --ca root.pem --alpn mqtt --qos 1 ...

Fixes "connection closed by peer" errors when connecting to AWS IoT Core.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bluebeeryale

Author

I realize this conflicts with pr189 (#189). Sorry about that. It was a bit of a winding way we got to the solution and realized the real problem I was experiencing with AWS was probably the QoS all along.

@EdJoPaTo

Owner

Based on your last comment, I think splitting this up (maybe creating a dedicated PR for just that) for --qos support (default to 2) seems like a good idea.

Regarding #189: it got stuck because I could not test this successfully to verify it works back then. So maybe it works and I could not test it successfully, or there is some issue in the PR code. Maybe testing and merging that first would be nice, then we can look at that --alpn support? (Not really sure what exactly that is; I haven't used anything yet which requires it, so I never bothered to read into it.)

What further complicates this is the update of rumqttc / rustls, which was delayed because the certificate of test.mosquitto.org wasn't renewed when I wanted to test it 3 weeks ago. Should check again and get that merged. That will allow for easier host certificate handling. (Will check that again, as it's up again, directly after sending this reply.)

Thank you for stating the LLM usage / Rust knowledge upfront! I am hesitant of bad LLM usage and huge / inefficient changes, but this looks good and will likely be even simpler to review when split up in QoS and encryption parts.

@EdJoPaTo

Owner

I added --qos in 1145374

@bluebeeryale

Author

I will work on cleaning this up today or tomorrow.
