diff --git a/doc/connectivity/networking/api/mqtt.rst b/doc/connectivity/networking/api/mqtt.rst index c2fb612e1cc2..a8eaaf288b9d 100644 --- a/doc/connectivity/networking/api/mqtt.rst +++ b/doc/connectivity/networking/api/mqtt.rst @@ -163,7 +163,8 @@ Note, that TLS credentials referenced by the ``m_sec_tags`` array must be registered in the system first. For more information on how to do that, refer to :ref:`secure sockets documentation `. -Finally, ``set_native_tls`` can be optionally set to enable native TLS support instead of offloading TLS operations to the modem. +Finally, ``set_native_tls`` can be optionally set to enable native TLS support +instead of offloading TLS operations to an offloaded socket. An example of how to use TLS with MQTT is also present in :zephyr:code-sample:`mqtt-publisher` sample application. diff --git a/include/zephyr/net/mqtt.h b/include/zephyr/net/mqtt.h index 797f8f339d7f..fc9271f4debb 100644 --- a/include/zephyr/net/mqtt.h +++ b/include/zephyr/net/mqtt.h @@ -774,7 +774,7 @@ struct mqtt_sec_config { /** Indicates the preference for copying certificates to the heap. */ int cert_nocopy; - /** Set socket to native TLS */ + /** Set socket to use native TLS (used with socket offloading). */ bool set_native_tls; }; diff --git a/subsys/net/lib/mqtt/mqtt_transport_socket_tls.c b/subsys/net/lib/mqtt/mqtt_transport_socket_tls.c index 617dec4b4d26..13bd7c23faba 100644 --- a/subsys/net/lib/mqtt/mqtt_transport_socket_tls.c +++ b/subsys/net/lib/mqtt/mqtt_transport_socket_tls.c @@ -25,7 +25,7 @@ int mqtt_client_tls_connect(struct mqtt_client *client) int type = SOCK_STREAM; int ret; - if (tls_config->set_native_tls) { + if (!IS_ENABLED(CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER) && tls_config->set_native_tls) { type |= SOCK_NATIVE_TLS; } 
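Review bot: In the mqtt_transport_socket_tls.c hunk at -25,7, the new condition `!IS_ENABLED(CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER) && tls_config->set_native_tls` carries no comment explaining why `SOCK_NATIVE_TLS` is skipped when the dispatcher is built in. Read alone, it looks as if the caller's request for native TLS is dropped. That matters because the flag decides which TLS stack terminates the session. The request is in fact made later, through the `TLS_NATIVE` socket option added in the -37,6 hunk, so I would add above the `if`: `/* With the offload dispatcher, native TLS is requested after socket creation via the TLS_NATIVE option. */`. The body of mqtt_client_tls_connect() starts and ends outside this hunk.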
@@ -37,6 +37,18 @@ int mqtt_client_tls_connect(struct mqtt_client *client)
 NET_DBG("Created socket %d", client->transport.tls.sock);
+ if (IS_ENABLED(CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER) && tls_config->set_native_tls) {
+ int tls_native = 1;
+
+ ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
+ TLS_NATIVE, &tls_native,
+ sizeof(tls_native));
+ if (ret < 0) {
+ NET_ERR("Failed to set native TLS (%d)", -errno);
+ goto error;
+ }
+ }
+
 if (client->transport.if_name != NULL) {
 struct ifreq ifname = { 0 };
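Review bot: The new `TLS_NATIVE` `zsock_setsockopt()` call sits ahead of the `if_name` block, and nothing records that this order matters. If the offload dispatcher commits to a socket implementation on the first option it receives (not visible in this hunk, so please confirm), moving the interface binding above it would leave TLS on the offloaded stack even though `set_native_tls` was requested. I would add a comment above the block such as `/* Must precede other socket options: the dispatcher picks the implementation on first use. */`. Aborting through `goto error` on failure, rather than continuing with offloaded TLS, is the right behaviour. The `error` label and the rest of mqtt_client_tls_connect() lie outside the hunk.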