mosquitto: major upgrade to 1.6.x

Major new release of mosquitto.

This release rolls up the initial 1.6.0 release, plus the subsequent
build/bug fixes of 1.6.1 and 1.6.2.

Original upstream changelogs:
https://mosquitto.org/blog/2019/04/version-1-6-released/
https://mosquitto.org/blog/2019/04/version-1-6-1-released/
https://mosquitto.org/blog/2019/04/version-1-6-2-released/

Major features of interest:
* MQTTv5 support
* performance improvements
* ALPN support
* OCSP staping support
* OpenSSL Engine support
* TLSv1.0 support dropped

Currently adds two patches to continue supporting OpenSSL engine support
being disabled, and a missing header include.  These are both tracked
upstream and are expected to be dropped in a subsequent release.

Signed-off-by: Karl Palsson <karlp@etactica.com>

net/mosquitto/Makefile

@@ -9,15 +9,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mosquitto
-PKG_VERSION:=1.5.8
-PKG_RELEASE:=2
+PKG_VERSION:=1.6.2
+PKG_RELEASE:=1
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.txt
 PKG_CPE_ID:=cpe:/a:eclipse:mosquitto
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://mosquitto.org/files/source/
-PKG_HASH:=78d7e70c3794dc3a1d484b4f2f8d3addebe9c2da3f5a1cebe557f7d13beb0da4
+PKG_HASH:=33499e78dfa0ca1cb488fd196fde940a66305bdfd44ba763ce2001db2569a08b
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
 include $(INCLUDE_DIR)/package.mk

net/mosquitto/patches/901-fix-openssl-ui.patch

@@ -0,0 +1,12 @@
+diff --git a/lib/net_mosq.c b/lib/net_mosq.c
+index 745b170..bdcaa19 100644
+--- a/lib/net_mosq.c
++++ b/lib/net_mosq.c
+@@ -50,6 +50,7 @@ Contributors:
+ #include <openssl/conf.h>
+ #include <openssl/engine.h>
+ #include <openssl/err.h>
++#include <openssl/ui.h>
+ #include <tls_mosq.h>
+ #endif
+ 

net/mosquitto/patches/902-fix-engine-guards.patch

@@ -0,0 +1,215 @@
+diff --git a/lib/net_mosq.c b/lib/net_mosq.c
+index bdcaa19..f207e32 100644
+--- a/lib/net_mosq.c
++++ b/lib/net_mosq.c
+@@ -141,7 +141,9 @@ int net__init(void)
+ 			| OPENSSL_INIT_ADD_ALL_DIGESTS \
+ 			| OPENSSL_INIT_LOAD_CONFIG, NULL);
+ #  endif
++#if !defined(OPENSSL_NO_ENGINE)
+ 	ENGINE_load_builtin_engines();
++#endif
+ 	setup_ui_method();
+ 	if(tls_ex_index_mosq == -1){
+ 		tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
+@@ -599,6 +601,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ 			SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+ #endif
+ 
++#if !defined(OPENSSL_NO_ENGINE)
+ 		if(mosq->tls_engine){
+ 			engine = ENGINE_by_id(mosq->tls_engine);
+ 			if(!engine){
+@@ -615,12 +618,15 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ 			ENGINE_set_default(engine, ENGINE_METHOD_ALL);
+ 			ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
+ 		}
++#endif
+ 
+ 		if(mosq->tls_ciphers){
+ 			ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers);
+ 			if(ret == 0){
+ 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers);
++#if !defined(OPENSSL_NO_ENGINE)
+ 				ENGINE_FINISH(engine);
++#endif
+ 				COMPAT_CLOSE(mosq->sock);
+ 				mosq->sock = INVALID_SOCKET;
+ 				net__print_ssl_error(mosq);
+@@ -647,7 +653,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ 					log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath);
+ 				}
+ #endif
++#if !defined(OPENSSL_NO_ENGINE)
+ 				ENGINE_FINISH(engine);
++#endif
+ 				COMPAT_CLOSE(mosq->sock);
+ 				mosq->sock = INVALID_SOCKET;
+ 				net__print_ssl_error(mosq);
+@@ -672,7 +680,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ #else
+ 					log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile);
+ #endif
++#if !defined(OPENSSL_NO_ENGINE)
+ 					ENGINE_FINISH(engine);
++#endif
+ 					COMPAT_CLOSE(mosq->sock);
+ 					mosq->sock = INVALID_SOCKET;
+ 					net__print_ssl_error(mosq);
+@@ -681,6 +691,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ 			}
+ 			if(mosq->tls_keyfile){
+ 				if(mosq->tls_keyform == mosq_k_engine){
++#if !defined(OPENSSL_NO_ENGINE)
+ 					UI_METHOD *ui_method = net__get_ui_method();
+ 					if(mosq->tls_engine_kpass_sha1){
+ 						if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
+@@ -714,6 +725,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ 						net__print_ssl_error(mosq);
+ 						return MOSQ_ERR_TLS;
+ 					}
++#endif
+ 				}else{
+ 					ret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM);
+ 					if(ret != 1){
+@@ -722,7 +734,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ #else
+ 						log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile);
+ #endif
++#if !defined(OPENSSL_NO_ENGINE)
+ 						ENGINE_FINISH(engine);
++#endif
+ 						COMPAT_CLOSE(mosq->sock);
+ 						mosq->sock = INVALID_SOCKET;
+ 						net__print_ssl_error(mosq);
+@@ -732,7 +746,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
+ 				ret = SSL_CTX_check_private_key(mosq->ssl_ctx);
+ 				if(ret != 1){
+ 					log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent.");
++#if !defined(OPENSSL_NO_ENGINE)
+ 					ENGINE_FINISH(engine);
++#endif
+ 					COMPAT_CLOSE(mosq->sock);
+ 					mosq->sock = INVALID_SOCKET;
+ 					net__print_ssl_error(mosq);
+diff --git a/lib/options.c b/lib/options.c
+index 005b781..6dc4262 100644
+--- a/lib/options.c
++++ b/lib/options.c
+@@ -255,6 +255,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
+ 	switch(option){
+ 		case MOSQ_OPT_TLS_ENGINE:
+ #ifdef WITH_TLS
++#    if !defined(OPENSSL_NO_ENGINE)
+ 			eng = ENGINE_by_id(value);
+ 			if(!eng){
+ 				return MOSQ_ERR_INVAL;
+@@ -265,6 +266,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
+ 				return MOSQ_ERR_NOMEM;
+ 			}
+ 			return MOSQ_ERR_SUCCESS;
++#endif
+ #else
+ 			return MOSQ_ERR_NOT_SUPPORTED;
+ #endif
+diff --git a/src/net.c b/src/net.c
+index 74b4ee8..495f8b2 100644
+--- a/src/net.c
++++ b/src/net.c
+@@ -534,6 +534,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 				return 1;
+ 			}
+ 			if(listener->tls_engine){
++#if !defined(OPENSSL_NO_ENGINE)
+ 				engine = ENGINE_by_id(listener->tls_engine);
+ 				if(!engine){
+ 					log__printf(NULL, MOSQ_LOG_ERR, "Error loading %s engine\n", listener->tls_engine);
+@@ -548,6 +549,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 				}
+ 				ENGINE_set_default(engine, ENGINE_METHOD_ALL);
+ 				ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
++#endif
+ 			}
+ 			/* FIXME user data? */
+ 			if(listener->require_certificate){
+@@ -560,10 +562,13 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 				log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server certificate \"%s\". Check certfile.", listener->certfile);
+ 				net__print_error(MOSQ_LOG_ERR, "Error: %s");
+ 				COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 				ENGINE_FINISH(engine);
++#endif
+ 				return 1;
+ 			}
+ 			if(listener->tls_keyform == mosq_k_engine){
++#if !defined(OPENSSL_NO_ENGINE)
+ 				UI_METHOD *ui_method = net__get_ui_method();
+ 				if(listener->tls_engine_kpass_sha1){
+ 					if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
+@@ -593,13 +598,16 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 					ENGINE_FINISH(engine);
+ 					return 1;
+ 				}
++#endif
+ 			}else{
+ 				rc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM);
+ 				if(rc != 1){
+ 					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server key file \"%s\". Check keyfile.", listener->keyfile);
+ 					net__print_error(MOSQ_LOG_ERR, "Error: %s");
+ 					COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 					ENGINE_FINISH(engine);
++#endif
+ 					return 1;
+ 				}
+ 			}
+@@ -608,7 +616,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 				log__printf(NULL, MOSQ_LOG_ERR, "Error: Server certificate/key are inconsistent.");
+ 				net__print_error(MOSQ_LOG_ERR, "Error: %s");
+ 				COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 				ENGINE_FINISH(engine);
++#endif
+ 				return 1;
+ 			}
+ 			/* Load CRLs if they exist. */
+@@ -618,7 +628,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to obtain TLS store.");
+ 					net__print_error(MOSQ_LOG_ERR, "Error: %s");
+ 					COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 					ENGINE_FINISH(engine);
++#endif
+ 					return 1;
+ 				}
+ 				lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+@@ -627,7 +639,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load certificate revocation file \"%s\". Check crlfile.", listener->crlfile);
+ 					net__print_error(MOSQ_LOG_ERR, "Error: %s");
+ 					COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 					ENGINE_FINISH(engine);
++#endif
+ 					return 1;
+ 				}
+ 				X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
+@@ -644,7 +658,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 
+ 			if(mosquitto__tls_server_ctx(listener)){
+ 				COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 				ENGINE_FINISH(engine);
++#endif
+ 				return 1;
+ 			}
+ 			SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback);
+@@ -654,7 +670,9 @@ int net__socket_listen(struct mosquitto__listener *listener)
+ 					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS PSK hint.");
+ 					net__print_error(MOSQ_LOG_ERR, "Error: %s");
+ 					COMPAT_CLOSE(sock);
++#if !defined(OPENSSL_NO_ENGINE)
+ 					ENGINE_FINISH(engine);
++#endif
+ 					return 1;
+ 				}
+ 			}