SSL ALPN protocol support (CLI & Web)

cli/README.md

@@ -36,14 +36,14 @@ To install the latest MQTTX CLI stable release on **macOS** using **binary downl
 #### Intel Chip
 
 ```shell
-curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.3/mqttx-cli-macos-x64
+curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.5/mqttx-cli-macos-x64
 sudo install ./mqttx-cli-macos-x64 /usr/local/bin/mqttx
 ```
 
 #### Apple Silicon
 
 ```shell
-curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.3/mqttx-cli-macos-arm64
+curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.5/mqttx-cli-macos-arm64
 sudo install ./mqttx-cli-macos-arm64 /usr/local/bin/mqttx
 ```
 
@@ -62,14 +62,14 @@ To install the latest MQTTX CLI stable release on **Linux** using **binary downl
 #### x86-64
 
 ```shell
-curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.3/mqttx-cli-linux-x64
+curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.5/mqttx-cli-linux-x64
 sudo install ./mqttx-cli-linux-x64 /usr/local/bin/mqttx
 ```
 
 #### ARM64
 
 ```shell
-curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.3/mqttx-cli-linux-arm64
+curl -LO https://www.emqx.com/en/downloads/MQTTX/v1.9.5/mqttx-cli-linux-arm64
 sudo install ./mqttx-cli-linux-arm64 /usr/local/bin/mqttx
 ```
 
@@ -191,6 +191,7 @@ mqttx conn --help
 | --cert <PATH>                                    | path to the cert file                                                                                                              |
 | --ca <PATH>                                      | path to the ca certificate                                                                                                         |
 | --insecure                                       | do not verify the server certificate                                                                                               |
+| --alpn <PROTO...>                               | set one or multiple ALPN (Application Layer Protocol Negotiation) protocols                                                        |
 | -rp, --reconnect-period <MILLISECONDS>           | interval between two reconnections, disable auto reconnect by setting to 0 (default: 1000ms)                                       |
 | --maximum-reconnect-times <NUMBER>               | the maximum reconnect times (default: 10)                                                                                          |
 | -up, --user-properties <USERPROPERTIES...>       | the user properties of MQTT 5.0 (e.g. -up "name: mqttx cli")                                                                       |
@@ -242,6 +243,7 @@ mqttx sub --help
 | --cert <PATH>                                    | path to the cert file                                                                                                                           |
 | --ca                                             | path to the ca certificate                                                                                                                      |
 | --insecure                                       | do not verify the server certificate                                                                                                            |
+| --alpn <PROTO...>                               | set one or multiple ALPN (Application Layer Protocol Negotiation) protocols                                                        |
 | -rp, --reconnect-period <MILLISECONDS>           | interval between two reconnections, disable auto reconnect by setting to 0 (default: 1000ms)                                                    |
 | --maximum-reconnect-times <NUMBER>               | the maximum reconnect times (default: 10)                                                                                                       |
 | -up, --user-properties <USERPROPERTIES...>       | the user properties of MQTT 5.0 (e.g. -up "name: mqttx cli")                                                                                    |
@@ -301,6 +303,7 @@ mqttx pub --help
 | --cert <PATH>                                    | path to the cert file                                                                                                              |
 | --ca                                             | path to the ca certificate                                                                                                         |
 | --insecure                                       | do not verify the server certificate                                                                                               |
+| --alpn <PROTO...>                               | set one or multiple ALPN (Application Layer Protocol Negotiation) protocols                                                        |
 | -rp, --reconnect-period <MILLISECONDS>           | interval between two reconnections, disable auto reconnect by setting to 0 (default: 1000ms)                                       |
 | --maximum-reconnect-times <NUMBER>               | the maximum reconnect times (default: 10)                                                                                          |
 | -up, --user-properties <USERPROPERTIES...>       | the user properties of MQTT 5.0 (e.g. -up "name: mqttx cli")                                                                       |

cli/src/index.ts

@@ -59,6 +59,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',
@@ -152,6 +153,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',
@@ -249,6 +251,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',
@@ -325,6 +328,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',
@@ -423,6 +427,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',
@@ -510,6 +515,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',
@@ -610,6 +616,7 @@ export class Commander {
       .option('--cert <PATH>', 'path to the cert file')
       .option('--ca <PATH>', 'path to the ca certificate')
       .option('--insecure', 'do not verify the server certificate')
+      .option('--alpn <PROTO...>', 'set one or multiple ALPN (Application Layer Protocol Negotiation) protocols')
       .option(
         '-rp, --reconnect-period <MILLISECONDS>',
         'interval between two reconnections, disable auto reconnect by setting to 0',

cli/src/lib/pub.ts

@@ -10,6 +10,7 @@ import delay from '../utils/delay'
 import { saveConfig, loadConfig } from '../utils/config'
 import { loadSimulator } from '../utils/simulate'
 import { serializeProtobufToBuffer } from '../utils/protobuf'
+
 const send = (
   config: boolean | string | undefined,
   connOpts: IClientOptions,

cli/src/types/global.d.ts

@@ -28,6 +28,7 @@ declare global {
     cert?: string
     ca?: string
     insecure?: boolean
+    alpn?: string[]
     reconnectPeriod: number
     maximumReconnectTimes: number
     // properties of MQTT 5.0

cli/src/utils/parse.ts

@@ -161,6 +161,7 @@ const parseConnectOptions = (
     cert,
     ca,
     insecure,
+    alpn,
     reconnectPeriod,
     sessionExpiryInterval,
     receiveMaximum,
@@ -215,6 +216,10 @@ const parseConnectOptions = (
     connectOptions.rejectUnauthorized = false
   }
 
+  if (alpn) {
+    connectOptions.ALPNProtocols = alpn
+  }
+
   if (willTopic) {
     const will = {
       topic: willTopic,

web/src/types/global.d.ts

@@ -246,6 +246,7 @@ declare global {
 
   interface SSLPath {
     rejectUnauthorized?: boolean
+    ALPNProtocols?: string | null
     ca: string
     cert: string
     key: string

web/src/utils/mqttUtils.ts

@@ -40,6 +40,7 @@ const getClientOptions = (record: ConnectionModel): IClientOptions => {
     reconnectPeriod, // reconnectPeriod = 0 disabled automatic reconnection in the client
     will,
     rejectUnauthorized,
+    ALPNProtocols,
     clientIdWithTime,
   } = record
   const protocolVersion = mqttVersionDict[mqttVersion]
@@ -76,6 +77,10 @@ const getClientOptions = (record: ConnectionModel): IClientOptions => {
   // SSL
   if (ssl) {
     options.rejectUnauthorized = rejectUnauthorized === undefined ? true : rejectUnauthorized
+    if (ALPNProtocols) {
+      console.log(ALPNProtocols.replace(/[\[\] ]/g, '').split(','))
+      options.ALPNProtocols = ALPNProtocols.replace(/[\[\] ]/g, '').split(',')
+    }
     if (certType === 'self') {
       const sslRes: SSLContent | undefined = getSSLFile({
         ca: record.ca,
@@ -158,6 +163,7 @@ export const getDefaultRecord = (): ConnectionModel => {
     ssl: false,
     certType: '',
     rejectUnauthorized: true,
+    ALPNProtocols: '',
     ca: '',
     cert: '',
     key: '',

web/src/views/connections/ConnectionForm.vue

@@ -163,6 +163,12 @@
                 </el-form-item>
               </el-col>
               <el-col :span="2"> </el-col>
+              <el-col :span="22">
+                <el-form-item label-width="93px" label="ALPN" prop="ALPNProtocols">
+                  <el-input size="mini" clearable v-model.trim="record.ALPNProtocols"></el-input>
+                </el-form-item>
+              </el-col>
+              <el-col :span="2"></el-col>
             </template>
           </el-row>
         </el-card>
@@ -563,8 +569,6 @@ export default class ConnectionCreate extends Vue {
       path: [{ required: true, message: this.$t('common.inputRequired') }],
       host: [{ required: true, message: this.$t('common.inputRequired') }],
       port: [{ required: true, message: this.$t('common.inputRequired') }],
-      certType: [{ required: true, message: this.$t('common.selectRequired') }],
-      ca: [{ required: true, message: this.$t('common.inputRequired') }],
     }
   }