Fix TLS disabled when WebSocket is enabled

Remove !defined(ENABLE_MQTT_WEBSOCKET) guards from mqtt_socket.c and
mqtt_socket.h that incorrectly excluded the entire wolfSSL TLS layer
when --enable-websocket was configured. This broke TLS for all
non-WebSocket clients (mqttclient, firmware, etc.). The WebSocket
client handles TLS through libwebsockets and never calls these
functions, so the guards were unnecessary.

Also remove the local BrokerTls_IORecv/IOSend workaround from
mqtt_broker.c since MqttSocket_TlsSocketReceive/Send are now
available.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: embhorn

src/mqtt_broker.c

@@ -346,44 +346,6 @@ int MqttBrokerNet_Init(MqttBrokerNet* net)
 }
 
 #ifdef ENABLE_MQTT_TLS
-/* When ENABLE_MQTT_WEBSOCKET is also defined, mqtt_socket.c excludes the
- * MqttSocket_TlsSocket{Receive,Send} functions (they're meant for client-side
- * only).  The broker TLS backend needs equivalent wolfSSL IO callbacks, so
- * define them locally. */
-#ifdef ENABLE_MQTT_WEBSOCKET
-static int BrokerTls_IORecv(WOLFSSL* ssl, char *buf, int sz, void *ptr)
-{
-    int rc;
-    MqttClient *client = (MqttClient*)ptr;
-    (void)ssl;
-    rc = client->net->read(client->net->context, (byte*)buf, sz,
-        client->tls.timeout_ms_read);
-    client->tls.sockRcRead = rc;
-    if (rc == 0 || rc == MQTT_CODE_ERROR_TIMEOUT || rc == MQTT_CODE_CONTINUE) {
-        return WOLFSSL_CBIO_ERR_WANT_READ;
-    }
-    else if (rc < 0) {
-        return WOLFSSL_CBIO_ERR_GENERAL;
-    }
-    return rc;
-}
-static int BrokerTls_IOSend(WOLFSSL* ssl, char *buf, int sz, void *ptr)
-{
-    int rc;
-    MqttClient *client = (MqttClient*)ptr;
-    (void)ssl;
-    rc = client->net->write(client->net->context, (byte*)buf, sz,
-        client->tls.timeout_ms_write);
-    client->tls.sockRcWrite = rc;
-    if (rc == 0 || rc == MQTT_CODE_ERROR_TIMEOUT || rc == MQTT_CODE_CONTINUE) {
-        return WOLFSSL_CBIO_ERR_WANT_WRITE;
-    }
-    else if (rc < 0) {
-        return WOLFSSL_CBIO_ERR_GENERAL;
-    }
-    return rc;
-}
-#endif /* ENABLE_MQTT_WEBSOCKET */
 static int BrokerTls_Init(MqttBroker* broker)
 {
     WOLFSSL_CTX* ctx = NULL;
@@ -446,13 +408,8 @@ static int BrokerTls_Init(MqttBroker* broker)
 
     /* Set wolfSSL IO callbacks */
     if (rc == WOLFSSL_SUCCESS) {
-#ifdef ENABLE_MQTT_WEBSOCKET
-        wolfSSL_CTX_SetIORecv(ctx, BrokerTls_IORecv);
-        wolfSSL_CTX_SetIOSend(ctx, BrokerTls_IOSend);
-#else
         wolfSSL_CTX_SetIORecv(ctx, MqttSocket_TlsSocketReceive);
         wolfSSL_CTX_SetIOSend(ctx, MqttSocket_TlsSocketSend);
-#endif
     }
 
     /* Mutual TLS: load CA and require client certificate */

src/mqtt_socket.c

@@ -55,8 +55,7 @@
 
 
 /* Public Functions */
-#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL) && \
-    !defined(ENABLE_MQTT_WEBSOCKET)
+#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL)
 int MqttSocket_TlsSocketReceive(WOLFSSL* ssl, char *buf, int sz,
     void *ptr)
 {
@@ -101,7 +100,7 @@ int MqttSocket_TlsSocketSend(WOLFSSL* ssl, char *buf, int sz,
     }
     return rc;
 }
-#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL && !ENABLE_MQTT_WEBSOCKET*/
+#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL */
 
 int MqttSocket_Init(MqttClient *client, MqttNet *net)
 {
@@ -114,8 +113,7 @@ int MqttSocket_Init(MqttClient *client, MqttNet *net)
         client->net = net;
         MqttClient_Flags(client, (MQTT_CLIENT_FLAG_IS_CONNECTED |
             MQTT_CLIENT_FLAG_IS_TLS), 0);;
-    #if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL) && \
-        !defined(ENABLE_MQTT_WEBSOCKET)
+    #if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL)
         client->tls.ctx = NULL;
         client->tls.ssl = NULL;
         client->tls.timeout_ms_read = client->cmd_timeout_ms;
@@ -135,8 +133,7 @@ static int MqttSocket_WriteDo(MqttClient *client, const byte* buf, int buf_len,
 {
     int rc;
 
-#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL) && \
-    !defined(ENABLE_MQTT_WEBSOCKET)
+#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL)
     if (MqttClient_Flags(client,0,0) & MQTT_CLIENT_FLAG_IS_TLS) {
         client->tls.timeout_ms_write = timeout_ms;
         client->tls.sockRcWrite = 0; /* init value */
@@ -166,7 +163,7 @@ static int MqttSocket_WriteDo(MqttClient *client, const byte* buf, int buf_len,
         }
     }
     else
-#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL && !ENABLE_MQTT_WEBSOCKET*/
+#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL */
     {
         rc = client->net->write(client->net->context, buf, buf_len,
             timeout_ms);
@@ -238,8 +235,7 @@ static int MqttSocket_ReadDo(MqttClient *client, byte* buf, int buf_len,
 {
     int rc;
 
-#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL) && \
-    !defined(ENABLE_MQTT_WEBSOCKET)
+#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL)
     if (MqttClient_Flags(client,0,0) & MQTT_CLIENT_FLAG_IS_TLS) {
         client->tls.timeout_ms_read = timeout_ms;
         client->tls.sockRcRead = 0; /* init value */
@@ -274,7 +270,7 @@ static int MqttSocket_ReadDo(MqttClient *client, byte* buf, int buf_len,
         }
     }
     else
-#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL && !ENABLE_MQTT_WEBSOCKET */
+#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL */
     {
         rc = client->net->read(client->net->context, buf, buf_len, timeout_ms);
     }
@@ -401,8 +397,7 @@ int MqttSocket_Connect(MqttClient *client, const char* host, word16 port,
         MqttClient_Flags(client, 0, MQTT_CLIENT_FLAG_IS_CONNECTED);
     }
 
-#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL) && \
-    !defined(ENABLE_MQTT_WEBSOCKET)
+#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL)
     if (use_tls) {
         /* Clear any previous TLS error */
         client->tls.lastError = 0;
@@ -523,7 +518,7 @@ int MqttSocket_Connect(MqttClient *client, const char* host, word16 port,
 
 #else
     (void)cb;
-#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL && !ENABLE_MQTT_WEBSOCKET */
+#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL */
 
 #ifdef WOLFMQTT_DEBUG_SOCKET
     PRINTF("MqttSocket_Connect: Rc=%d", rc);

wolfmqtt/mqtt_socket.h

@@ -106,13 +106,12 @@ WOLFMQTT_LOCAL int MqttSocket_Connect(struct _MqttClient *client,
         MqttTlsCb cb);
 WOLFMQTT_LOCAL int MqttSocket_Disconnect(struct _MqttClient *client);
 
-#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL) && \
-    !defined(ENABLE_MQTT_WEBSOCKET)
+#if defined(ENABLE_MQTT_TLS) && !defined(ENABLE_MQTT_CURL)
 /* make these public for cases where user needs to create
  * WOLFSSL_CTX context and WOLFSSL object in the TLS callback */
 WOLFMQTT_API int MqttSocket_TlsSocketReceive(WOLFSSL* ssl, char *buf, int sz, void *ptr);
 WOLFMQTT_API int MqttSocket_TlsSocketSend(WOLFSSL* ssl, char *buf, int sz, void *ptr);
-#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL && !ENABLE_MQTT_WEBSOCKET */
+#endif /* ENABLE_MQTT_TLS && !ENABLE_MQTT_CURL */
 
 #ifdef __cplusplus
     } /* extern "C" */