Current Support for OpenSSL Engine/Provider Integration in MQTT Client

[lorenzopintaldi]

Hello!

I'm seeking clarification regarding the current architectural possibilities for client authentication (mutual TLS) within the MQTT client functionality of the aws-sdk-cpp when connecting to AWS IoT Core.

The context is environments where the client's private key is stored securely in a TEE and is therefore not accessible as a standard PEM file on the local disk (neither via PKCS#11)

In typical C/C++ applications using OpenSSL for TLS, the solution for this involves:

1. Using a custom OpenSSL Engine or Provider to retrieve the key material or perform cryptographic operations.
2. Passing a pre-loaded key structure (like an EVP_PKEY*) to the TLS context (SSL_CTX) instead of file paths.

The goal is to understand if the architecture already permits this kind of secure key management without requiring the key to be physically present as a file.
Thank you in advance for the clarification on the existing capabilities!

[sbaluja]

Hi. Thank you for your question. The aws-sdk-cpp does not expose an MQTT client, are you referring to AWS IoT Device SDK for C++ v2?

[lorenzopintaldi]

Hi! Thank you for your answer.
Yes, sorry — I may have opened the discussion in the wrong repository.
Should I reopen this discussion under the AWS IoT Device SDK for C++ v2 instead?

[DmitriyMusatkin]

Yes, linked repo is the correct place for that question.

[lorenzopintaldi]

Thanks!
I've posted a new discussion here.

[github-actions[bot]]

Hello! Reopening this discussion to make it searchable.