No CRL check is happening when connecting via websockets with revoked client certificate

I have such mosquitto configuration:

log_type error
log_type warning
log_type notice
log_type information
log_dest file /logpath

listener 9005
protocol websockets
cafile /cafilepath

certfile /certfilepath

keyfile /keyfilepath

crlfile /crlfilepath

require_certificate true

use_identity_as_username true

When i connect to local mosquitto using client certificates which are revoked, no CRL check by mosquitto is happening.

If I change configuration protocol to just mqtt, CRL check works.

So, 1) My configuration could be wrong, and something is missing for configuring CRL check via websockets
2) CRL check via websockets doesn’t work in mosquitto

Have anyone bumped into this issue?


Unfortunately libwebsockets, the library that mosquitto 2.0 uses for websockets support, doesn’t support CRL checks.

This will change in 2.1 when websockets is handled by mosquitto itself.



Thanks Roger, now I can move on and live in peace.

Have a nice one!

Also, by any chance, do you know when v2.1 is scheduled?