Skip to content

[nrf fromlist] net: mqtt: Allow to force native TLS on MQTT socket #3656

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rlubos wants to merge 3 commits into
base: main
Choose a base branch
from
+16 −3
Open

[nrf fromlist] net: mqtt: Allow to force native TLS on MQTT socket #3656

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a37a1d2
Revert "[nrf noup] net: mqtt: add native TLS support"
rlubos Dec 18, 2025
24703c8
[nrf fromlist] net: mqtt: Allow to force native TLS on MQTT socket
rlubos Dec 18, 2025
c691e99
[nrf noup] net: mqtt: add native TLS support
MirkoCovizzi Mar 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion doc/connectivity/networking/api/mqtt.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,8 @@ Note, that TLS credentials referenced by the ``m_sec_tags`` array must be
registered in the system first. For more information on how to do that, refer
to :ref:`secure sockets documentation <secure_sockets_interface>`.

Finally, ``set_native_tls`` can be optionally set to enable native TLS support instead of offloading TLS operations to the modem.
Finally, ``set_native_tls`` can be optionally set to enable native TLS support
instead of offloading TLS operations to an offloaded socket.

An example of how to use TLS with MQTT is also present in
:zephyr:code-sample:`mqtt-publisher` sample application.
Expand Down
2 changes: 1 addition & 1 deletion include/zephyr/net/mqtt.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -774,7 +774,7 @@ struct mqtt_sec_config {
/** Indicates the preference for copying certificates to the heap. */
int cert_nocopy;

/** Set socket to native TLS */
/** Set socket to use native TLS (used with socket offloading). */
bool set_native_tls;
};

Expand Down
14 changes: 13 additions & 1 deletion subsys/net/lib/mqtt/mqtt_transport_socket_tls.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
int type = SOCK_STREAM;
int ret;

if (tls_config->set_native_tls) {
if (!IS_ENABLED(CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER) && tls_config->set_native_tls) {
type |= SOCK_NATIVE_TLS;
}

Expand All @@ -37,6 +37,18 @@

NET_DBG("Created socket %d", client->transport.tls.sock);

if (IS_ENABLED(CONFIG_NET_SOCKETS_OFFLOAD_DISPATCHER) && tls_config->set_native_tls) {
int tls_native = 1;

ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
TLS_NATIVE, &tls_native,
sizeof(tls_native));

Check notice on line 45 in subsys/net/lib/mqtt/mqtt_transport_socket_tls.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/net/lib/mqtt/mqtt_transport_socket_tls.c:45 
-		ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
-				       TLS_NATIVE, &tls_native,
+		ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS, TLS_NATIVE, &tls_native,
if (ret < 0) {
NET_ERR("Failed to set native TLS (%d)", -errno);
goto error;
}
}

if (client->transport.if_name != NULL) {
struct ifreq ifname = { 0 };

Expand Down
Loading