From b0188642b1219487707775d61afc8ede0f7a9cbd Mon Sep 17 00:00:00 2001
From: Stephan Hadinger
Date: Wed, 12 Aug 2020 17:20:37 +0200
Subject: [PATCH] Change triple-mode TLS via configuration in a single firmware (TLS AWS IoT, Letsencrypt and No-TLS)
---
 tasmota/CHANGELOG.md | 1 +
 tasmota/WiFiClientSecureLightBearSSL.cpp | 6 +-
 tasmota/WiFiClientSecureLightBearSSL.h | 3 +-
 tasmota/language/bg_BG.h | 2 +
 tasmota/language/cs_CZ.h | 2 +
 tasmota/language/de_DE.h | 2 +
 tasmota/language/el_GR.h | 2 +
 tasmota/language/en_GB.h | 2 +
 tasmota/language/es_ES.h | 2 +
 tasmota/language/fr_FR.h | 2 +
 tasmota/language/he_HE.h | 2 +
 tasmota/language/hu_HU.h | 2 +
 tasmota/language/it_IT.h | 2 +
 tasmota/language/ko_KO.h | 2 +
 tasmota/language/nl_NL.h | 2 +
 tasmota/language/pl_PL.h | 2 +
 tasmota/language/pt_BR.h | 2 +
 tasmota/language/pt_PT.h | 2 +
 tasmota/language/ro_RO.h | 2 +
 tasmota/language/ru_RU.h | 2 +
 tasmota/language/sk_SK.h | 2 +
 tasmota/language/sv_SE.h | 2 +
 tasmota/language/tr_TR.h | 2 +
 tasmota/language/uk_UA.h | 2 +
 tasmota/language/zh_CN.h | 2 +
 tasmota/language/zh_TW.h | 2 +
 tasmota/settings.h | 4 +-
 tasmota/support_command.ino | 2 +
 tasmota/tasmota_ca.ino | 29 ++++
 tasmota/xdrv_01_webserver.ino | 4 +
 tasmota/xdrv_02_mqtt.ino | 181 ++++++++++++++--------
 31 files changed, 200 insertions(+), 76 deletions(-)
diff --git a/tasmota/CHANGELOG.md b/tasmota/CHANGELOG.md
index 29b1d3e43..13d8b4baf 100644
--- a/tasmota/CHANGELOG.md
+++ b/tasmota/CHANGELOG.md
@@ -8,6 +8,7 @@
 - Add Zigbee options to ``ZbSend`` ``Config`` and ``ReadCondig``
 - Add command ``Restart 2`` to halt system. Needs hardware reset or power cycle to restart (#9046)
 - Add command ``SetOption102 0/1`` to switch between Teleinfo French Metering mode, legacy 1200 bps (0) or Linky standard 9600 bps (1)
+- Change triple-mode TLS via configuration in a single firmware (TLS AWS IoT, Letsencrypt and No-TLS)
 ### 8.4.0 20200730
diff --git a/tasmota/WiFiClientSecureLightBearSSL.cpp b/tasmota/WiFiClientSecureLightBearSSL.cpp
index 7b92d4b6e..209555c3f 100755
--- a/tasmota/WiFiClientSecureLightBearSSL.cpp
+++ b/tasmota/WiFiClientSecureLightBearSSL.cpp
@@ -190,6 +190,7 @@ void WiFiClientSecure_light::_clear() {
 _chain_P = nullptr;
 _sk_ec_P = nullptr;
 _ta_P = nullptr;
+ _ta_size = 0;
 _max_thunkstack_use = 0;
 }
@@ -232,8 +233,9 @@ void WiFiClientSecure_light::setClientECCert(const br_x509_certificate *cert, co
 _cert_issuer_key_type = cert_issuer_key_type;
 }
-void WiFiClientSecure_light::setTrustAnchor(const br_x509_trust_anchor *ta) {
+void WiFiClientSecure_light::setTrustAnchor(const br_x509_trust_anchor *ta, size_t ta_size) {
 _ta_P = ta;
+ _ta_size = ta_size;
 }
 void WiFiClientSecure_light::setBufferSizes(int recv, int xmit) {
@@ -916,7 +918,7 @@ bool WiFiClientSecure_light::_connectSSL(const char* hostName) {
 #ifdef USE_MQTT_TLS_CA_CERT
 x509_minimal = (br_x509_minimal_context*) malloc(sizeof(br_x509_minimal_context));
 if (!x509_minimal) break;
- br_x509_minimal_init(x509_minimal, &br_sha256_vtable, _ta_P, 1);
+ br_x509_minimal_init(x509_minimal, &br_sha256_vtable, _ta_P, _ta_size);
 br_x509_minimal_set_rsa(x509_minimal, br_ssl_engine_get_rsavrfy(_eng));
 br_x509_minimal_set_hash(x509_minimal, br_sha256_ID, &br_sha256_vtable);
 br_ssl_engine_set_x509(_eng, &x509_minimal->vtable);
diff --git a/tasmota/WiFiClientSecureLightBearSSL.h b/tasmota/WiFiClientSecureLightBearSSL.h
index 274f1b2dc..67f74b0db 100755
--- a/tasmota/WiFiClientSecureLightBearSSL.h
+++ b/tasmota/WiFiClientSecureLightBearSSL.h
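Review bot: `setTrustAnchor` stores `ta` and `ta_size` without any check, and `_clear()` now resets `_ta_size` to 0, so a `USE_MQTT_TLS_CA_CERT` build that never calls `setTrustAnchor` hands `br_x509_minimal_init` an empty anchor list in the `_connectSSL` hunk; BearSSL then has nothing to chain the server certificate to, so validation should fail for every server, which is the safe direction but leaves no trace of the misconfiguration. A cheap explicit check before the `malloc` in that hunk, `if (!_ta_P || 0 == _ta_size) break;`, fails in the same place as the existing allocation check and makes the condition greppable. `ta_size` is a count of `br_x509_trust_anchor` entries (the caller passes `ARRAY_SIZE`), not a byte size, and `setTrustAnchor` should say so in a comment. `_connectSSL` starts and ends outside the hunk.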
@@ -75,7 +75,7 @@ class WiFiClientSecure_light : public WiFiClient {
 void setClientECCert(const br_x509_certificate *cert, const br_ec_private_key *sk, unsigned allowed_usages, unsigned cert_issuer_key_type);
- void setTrustAnchor(const br_x509_trust_anchor *ta);
+ void setTrustAnchor(const br_x509_trust_anchor *ta, size_t ta_size);
 // Sets the requested buffer size for transmit and receive
 void setBufferSizes(int recv, int xmit);
@@ -142,6 +142,7 @@ class WiFiClientSecure_light : public WiFiClient {
 const br_x509_certificate *_chain_P; // PROGMEM certificate
 const br_ec_private_key *_sk_ec_P; // PROGMEM private key
 const br_x509_trust_anchor *_ta_P; // PROGMEM server CA
+ size_t _ta_size;
 unsigned _allowed_usages;
 unsigned _cert_issuer_key_type;
diff --git a/tasmota/language/bg_BG.h b/tasmota/language/bg_BG.h
index 666fada9b..167a5315b 100644
--- a/tasmota/language/bg_BG.h
+++ b/tasmota/language/bg_BG.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Парола на уеб администратора"
 #define D_MQTT_ENABLE "Активиране на MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Приятелско име"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT топик"
 #define D_MQTT_GROUP_TOPIC "MQTT групов топик"
 #define D_MQTT_FULL_TOPIC "MQTT пълен топик"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS откриване"
 #define D_MDNS_ADVERTISE "mDNS известяване"
 #define D_ESP_CHIP_ID "ID на ESP чипа"
diff --git a/tasmota/language/cs_CZ.h b/tasmota/language/cs_CZ.h
index 17ffaa046..b4f3251fb 100644
--- a/tasmota/language/cs_CZ.h
+++ b/tasmota/language/cs_CZ.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Heslo Web administrátora"
 #define D_MQTT_ENABLE "MQTT aktivní"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Friendly Name"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
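Review bot: The new `setTrustAnchor(const br_x509_trust_anchor *ta, size_t ta_size)` declaration and the `_ta_size` member carry no comment, while the neighbouring members document where their data lives. Only the pointer is stored (see the `.cpp` hunk), so `ta` has to outlive the client object, and `ta_size` is the number of entries in the array rather than a byte count; neither fact is visible from the header. Suggest `// Set the list of trust anchors (CA certificates) used to validate the server chain. ta_size is the number of entries, not bytes; ta is not copied and must outlive this object.` above the declaration and `size_t _ta_size; // number of entries in _ta_P` for the member.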
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Topic MQTT"
 #define D_MQTT_GROUP_TOPIC "Topic skupiny MQTT"
 #define D_MQTT_FULL_TOPIC "Celý topic MQTT"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Získávání mDNS"
 #define D_MDNS_ADVERTISE "Rozesílání mDNS"
 #define D_ESP_CHIP_ID "ID systému ESP"
diff --git a/tasmota/language/de_DE.h b/tasmota/language/de_DE.h
index 271dbc056..241bb8a8f 100644
--- a/tasmota/language/de_DE.h
+++ b/tasmota/language/de_DE.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Passwort für Web Oberfläche"
 #define D_MQTT_ENABLE "MQTT aktivieren"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Name [friendly name]"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Topic"
 #define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
 #define D_MQTT_FULL_TOPIC "MQTT Full Topic"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS-Ermittlung"
 #define D_MDNS_ADVERTISE "mDNS-Bekanntmachung"
 #define D_ESP_CHIP_ID "ESP Chip ID"
diff --git a/tasmota/language/el_GR.h b/tasmota/language/el_GR.h
index f3cf5d462..024466885 100644
--- a/tasmota/language/el_GR.h
+++ b/tasmota/language/el_GR.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Κωδικός διαχειριστή"
 #define D_MQTT_ENABLE "Ενεργοποίηση MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Φιλική ονομασία"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Topic"
 #define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
 #define D_MQTT_FULL_TOPIC "MQTT Full Topic"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Discovery"
 #define D_MDNS_ADVERTISE "mDNS Advertise"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/en_GB.h b/tasmota/language/en_GB.h
index b65848dfe..64969eca8 100644
--- a/tasmota/language/en_GB.h
+++ b/tasmota/language/en_GB.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Web Admin Password"
 #define D_MQTT_ENABLE "MQTT enable"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Friendly Name"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Topic"
 #define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
 #define D_MQTT_FULL_TOPIC "MQTT Full Topic"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Discovery"
 #define D_MDNS_ADVERTISE "mDNS Advertise"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/es_ES.h b/tasmota/language/es_ES.h
index 53df0312d..fc0be8df1 100644
--- a/tasmota/language/es_ES.h
+++ b/tasmota/language/es_ES.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Nombre de Dispositivo"
 #define D_WEB_ADMIN_PASSWORD "Clave Administrador Web"
 #define D_MQTT_ENABLE "Habilitar MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Nombre Amigable"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Topic MQTT"
 #define D_MQTT_GROUP_TOPIC "Group Topic MQTT"
 #define D_MQTT_FULL_TOPIC "Full Topic MQTT"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Discovery"
 #define D_MDNS_ADVERTISE "mDNS Advertise"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/fr_FR.h b/tasmota/language/fr_FR.h
index 503ee0792..e6e086509 100644
--- a/tasmota/language/fr_FR.h
+++ b/tasmota/language/fr_FR.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Mot de passe Web Admin"
 #define D_MQTT_ENABLE "MQTT activé"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Surnom"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Topic MQTT"
 #define D_MQTT_GROUP_TOPIC "Groupe topic MQTT"
 #define D_MQTT_FULL_TOPIC "Topic complet MQTT"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Découverte mDNS"
 #define D_MDNS_ADVERTISE "Annonce mDNS"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/he_HE.h b/tasmota/language/he_HE.h
index 763c8f09e..a241a074a 100644
--- a/tasmota/language/he_HE.h
+++ b/tasmota/language/he_HE.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "סיסמת מנהל"
 #define D_MQTT_ENABLE "MQTT אפשר"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "שם ידידותי"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT נושא"
 #define D_MQTT_GROUP_TOPIC "MQTT נושא קבוצת"
 #define D_MQTT_FULL_TOPIC "MQTT נושא מלא"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS זיהוי"
 #define D_MDNS_ADVERTISE "mDNS פרסום"
 #define D_ESP_CHIP_ID "ESP מס' רכיב"
diff --git a/tasmota/language/hu_HU.h b/tasmota/language/hu_HU.h
index 251d1b919..ecc93125d 100644
--- a/tasmota/language/hu_HU.h
+++ b/tasmota/language/hu_HU.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Web admin jelszó"
 #define D_MQTT_ENABLE "MQTT engedélyezése"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Név"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT topic"
 #define D_MQTT_GROUP_TOPIC "MQTT csoport topic"
 #define D_MQTT_FULL_TOPIC "MQTT teljes topic"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS láthatóság"
 #define D_MDNS_ADVERTISE "mDNS hirdetés"
 #define D_ESP_CHIP_ID "ESP chip ID"
diff --git a/tasmota/language/it_IT.h b/tasmota/language/it_IT.h
index 2cdffa8de..d25ff5e94 100644
--- a/tasmota/language/it_IT.h
+++ b/tasmota/language/it_IT.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Nome dispositivo"
 #define D_WEB_ADMIN_PASSWORD "Password amministratore web"
 #define D_MQTT_ENABLE "Abilita MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Nome amichevole"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Bridge Hue"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Topic MQTT"
 #define D_MQTT_GROUP_TOPIC "Gruppo topic MQTT"
 #define D_MQTT_FULL_TOPIC "Full topic MQTT"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Ricerca mDNS"
 #define D_MDNS_ADVERTISE "Notifica mDNS"
 #define D_ESP_CHIP_ID "ID chip ESP"
diff --git a/tasmota/language/ko_KO.h b/tasmota/language/ko_KO.h
index 27748c1b5..e554c1d01 100644
--- a/tasmota/language/ko_KO.h
+++ b/tasmota/language/ko_KO.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Web Admin 비밀번호"
 #define D_MQTT_ENABLE "MQTT 사용"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Friendly Name"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Topic"
 #define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
 #define D_MQTT_FULL_TOPIC "MQTT Full Topic"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Discovery"
 #define D_MDNS_ADVERTISE "mDNS Advertise"
 #define D_ESP_CHIP_ID "ESP 칩 Id"
diff --git a/tasmota/language/nl_NL.h b/tasmota/language/nl_NL.h
index a8a238f62..d4ad9e0ea 100644
--- a/tasmota/language/nl_NL.h
+++ b/tasmota/language/nl_NL.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Apparaatnaam"
 #define D_WEB_ADMIN_PASSWORD "Web Admin Wachtwoord"
 #define D_MQTT_ENABLE "MQTT ingeschakeld"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Beschrijvende naam"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Topic"
 #define D_MQTT_GROUP_TOPIC "MQTT Groep Topic"
 #define D_MQTT_FULL_TOPIC "MQTT Volledig Topic"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Discovery"
 #define D_MDNS_ADVERTISE "mDNS Advertise"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/pl_PL.h b/tasmota/language/pl_PL.h
index 145f5a012..36f751d86 100644
--- a/tasmota/language/pl_PL.h
+++ b/tasmota/language/pl_PL.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Hasło administratora"
 #define D_MQTT_ENABLE "Załącz MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Nazwa"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Mostek Hue"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Temat"
 #define D_MQTT_GROUP_TOPIC "Temat grupy"
 #define D_MQTT_FULL_TOPIC "Pełny temat"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Wykrywanie mDNS"
 #define D_MDNS_ADVERTISE "Rozgłaszanie mDNS"
 #define D_ESP_CHIP_ID "ID ukladu ESP"
diff --git a/tasmota/language/pt_BR.h b/tasmota/language/pt_BR.h
index ec84e8d4c..85e3707de 100644
--- a/tasmota/language/pt_BR.h
+++ b/tasmota/language/pt_BR.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Senha de WEB Admin"
 #define D_MQTT_ENABLE "MQTT habilitado"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Nome amigável"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Tópico"
 #define D_MQTT_GROUP_TOPIC "MQTT Tópico Grupo"
 #define D_MQTT_FULL_TOPIC "MQTT Tópico Completo"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Descobrir mDNS"
 #define D_MDNS_ADVERTISE "Anunciar mDNS"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/pt_PT.h b/tasmota/language/pt_PT.h
index a593f0387..131e6f72d 100644
--- a/tasmota/language/pt_PT.h
+++ b/tasmota/language/pt_PT.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Palavra Chave do Admin WEB"
 #define D_MQTT_ENABLE "MQTT habilitado"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Nome amigável"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Tópico MQTT"
 #define D_MQTT_GROUP_TOPIC "Tópico MQTT de Grupo"
 #define D_MQTT_FULL_TOPIC "Tópico MQTT Completo"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Descobrir mDNS"
 #define D_MDNS_ADVERTISE "Anunciar mDNS"
 #define D_ESP_CHIP_ID "ID do chip ESP"
diff --git a/tasmota/language/ro_RO.h b/tasmota/language/ro_RO.h
index 254becc0a..366288e21 100644
--- a/tasmota/language/ro_RO.h
+++ b/tasmota/language/ro_RO.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Parolă Web Admin"
 #define D_MQTT_ENABLE "Activare MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Friendly Name"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Subiect MQTT"
 #define D_MQTT_GROUP_TOPIC "Subiect Grup MQTT"
 #define D_MQTT_FULL_TOPIC "Subiect Întreg MQTT"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Descoperă mDNS"
 #define D_MDNS_ADVERTISE "Publică mDNS"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/ru_RU.h b/tasmota/language/ru_RU.h
index 42ffc71a3..4f61ccf85 100644
--- a/tasmota/language/ru_RU.h
+++ b/tasmota/language/ru_RU.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Пароль Web администратора"
 #define D_MQTT_ENABLE "MQTT активен"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Дружественное Имя"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Топик"
 #define D_MQTT_GROUP_TOPIC "MQTT Топик группы"
 #define D_MQTT_FULL_TOPIC "MQTT Топик полный"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Обнаружение"
 #define D_MDNS_ADVERTISE "mDNS Транcляция"
 #define D_ESP_CHIP_ID "ID чипа ESP"
diff --git a/tasmota/language/sk_SK.h b/tasmota/language/sk_SK.h
index 3a6bde464..459e18f53 100644
--- a/tasmota/language/sk_SK.h
+++ b/tasmota/language/sk_SK.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Heslo Web administrátora"
 #define D_MQTT_ENABLE "MQTT aktívne"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Friendly Name"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "Topic MQTT"
 #define D_MQTT_GROUP_TOPIC "Topic skupiny MQTT"
 #define D_MQTT_FULL_TOPIC "Celý topic MQTT"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "Získavanie mDNS"
 #define D_MDNS_ADVERTISE "Rozosielanie mDNS"
 #define D_ESP_CHIP_ID "ID systému ESP"
diff --git a/tasmota/language/sv_SE.h b/tasmota/language/sv_SE.h
index 750413c9a..2b41cd231 100644
--- a/tasmota/language/sv_SE.h
+++ b/tasmota/language/sv_SE.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Webbadmin-lösenord"
 #define D_MQTT_ENABLE "MQTT aktivera"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Läsbart namn"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT-ämne"
 #define D_MQTT_GROUP_TOPIC "MQTT gruppämne"
 #define D_MQTT_FULL_TOPIC "MQTT fullt ämne"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS upptäckning"
 #define D_MDNS_ADVERTISE "mDNS annonsering"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/tr_TR.h b/tasmota/language/tr_TR.h
index ee5c37f6d..db9774276 100644
--- a/tasmota/language/tr_TR.h
+++ b/tasmota/language/tr_TR.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Web Yönetici Şifresi"
 #define D_MQTT_ENABLE "MQTT aktif"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Kullanıcı Dostu İsim"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Hue Bridge"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Topiği"
 #define D_MQTT_GROUP_TOPIC "MQTT Grup Topiği"
 #define D_MQTT_FULL_TOPIC "MQTT Full Topik"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Keşfi"
 #define D_MDNS_ADVERTISE "mDNS Yayını"
 #define D_ESP_CHIP_ID "ESP Chip Id"
diff --git a/tasmota/language/uk_UA.h b/tasmota/language/uk_UA.h
index 7279149ac..e55a92a28 100644
--- a/tasmota/language/uk_UA.h
+++ b/tasmota/language/uk_UA.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "Гасло адміністратора Web"
 #define D_MQTT_ENABLE "MQTT активний"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "Дружня назва"
 #define D_BELKIN_WEMO "Belkin WeMo"
 #define D_HUE_BRIDGE "Міст Hue"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT Топік"
 #define D_MQTT_GROUP_TOPIC "MQTT Топік групи"
 #define D_MQTT_FULL_TOPIC "MQTT Топік повний"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS Виявлення"
 #define D_MDNS_ADVERTISE "mDNS Анонс"
 #define D_ESP_CHIP_ID "ID чипу ESP"
diff --git a/tasmota/language/zh_CN.h b/tasmota/language/zh_CN.h
index b86fabc53..26c534009 100644
--- a/tasmota/language/zh_CN.h
+++ b/tasmota/language/zh_CN.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "Device Name"
 #define D_WEB_ADMIN_PASSWORD "WEB 管理密码"
 #define D_MQTT_ENABLE "启用MQTT"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "昵称"
 #define D_BELKIN_WEMO "贝尔金 WeMo"
 #define D_HUE_BRIDGE "飞利浦 Hue 网桥"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT 主题"
 #define D_MQTT_GROUP_TOPIC "MQTT 主题组"
 #define D_MQTT_FULL_TOPIC "MQTT 完整主题"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS 发现"
 #define D_MDNS_ADVERTISE "mDNS 广播"
 #define D_ESP_CHIP_ID "ESP 芯片 ID"
diff --git a/tasmota/language/zh_TW.h b/tasmota/language/zh_TW.h
index eb98e22a9..e92e68ad2 100644
--- a/tasmota/language/zh_TW.h
+++ b/tasmota/language/zh_TW.h
@@ -307,6 +307,7 @@
 #define D_DEVICE_NAME "裝置名稱"
 #define D_WEB_ADMIN_PASSWORD "網頁上的管理員密碼"
 #define D_MQTT_ENABLE "MQTT的啟用"
+#define D_MQTT_TLS_ENABLE "MQTT TLS"
 #define D_FRIENDLY_NAME "暱稱"
 #define D_BELKIN_WEMO "貝爾金 WeMo"
 #define D_HUE_BRIDGE "Hue 橋接器"
@@ -335,6 +336,7 @@
 #define D_MQTT_TOPIC "MQTT 主題(Topic)"
 #define D_MQTT_GROUP_TOPIC "MQTT 群組主題"
 #define D_MQTT_FULL_TOPIC "MQTT 完整主題"
+#define D_MQTT_NO_RETAIN "MQTT No Retain"
 #define D_MDNS_DISCOVERY "mDNS 探索"
 #define D_MDNS_ADVERTISE "mDNS 廣播"
 #define D_ESP_CHIP_ID "ESP晶片ID"
diff --git a/tasmota/settings.h b/tasmota/settings.h
index 7241efc33..84a0de08e 100644
--- a/tasmota/settings.h
+++ b/tasmota/settings.h
@@ -122,8 +122,8 @@ typedef union { // Restricted by MISRA-C Rule 18.4 bu
 uint32_t remove_zbreceived : 1; // bit 18 (v8.3.1.7) - SetOption100 - Remove ZbReceived form JSON message
 uint32_t zb_index_ep : 1; // bit 19 (v8.3.1.7) - SetOption101 - Add the source endpoint as suffix to attributes, ex `Power3` instead of `Power` if sent from endpoint 3
 uint32_t teleinfo_baudrate : 1; // bit 20 (v8.4.0.1) - SetOption102 - Set Baud rate for Teleinfo communication (0 = 1200 or 1 = 9600)
- uint32_t spare21 : 1;
- uint32_t spare22 : 1;
+ uint32_t mqtt_tls : 1; // bit 21 (v8.4.0.1) - SetOption103 - Enable TLS mode (requires TLS version)
+ uint32_t mqtt_no_retain : 1; // bit 22 (v8.4.0.1) - SetOption104 - No Retain - disable all MQTT retained messages, some brokers don't support it: AWS IoT, Losant
 uint32_t spare23 : 1;
 uint32_t spare24 : 1;
 uint32_t spare25 : 1;
diff --git a/tasmota/support_command.ino b/tasmota/support_command.ino
index bd8019be9..7b08723ea 100644
--- a/tasmota/support_command.ino
+++ b/tasmota/support_command.ino
@@ -905,6 +905,8 @@ void CmndSetoption(void)
 case 6: // SetOption88 - PWM Dimmer Buttons control remote devices
 case 15: // SetOption97 - Set Baud rate for TuyaMCU serial communication (0 = 9600 or 1 = 115200)
 case 20: // SetOption102 - Set Baud rate for Teleinfo serial communication (0 = 1200 or 1 = 9600)
+ case 21: // SetOption103 - Enable TLS mode (requires TLS version)
+ case 22: // SetOption104 - No Retain - disable all MQTT retained messages, some brokers don't support it: AWS IoT, Losant
 restart_flag = 2;
 break;
 }
diff --git a/tasmota/tasmota_ca.ino b/tasmota/tasmota_ca.ino
index 1db0a8c63..a3377b305 100644
--- a/tasmota/tasmota_ca.ino
+++ b/tasmota/tasmota_ca.ino
@@ -146,6 +146,35 @@ const br_x509_trust_anchor PROGMEM AmazonRootCA1_TA = {
 }
 };
+// cumulative CA
+const br_x509_trust_anchor PROGMEM Tasmota_TA[] = {
+ {
+ { (unsigned char *)LetsEncrypt_DN, sizeof LetsEncrypt_DN },
+ BR_X509_TA_CA,
+ {
+ BR_KEYTYPE_RSA,
+ { .rsa = {
+ (unsigned char *)LetsEncrypt_RSA_N, sizeof LetsEncrypt_RSA_N,
+ (unsigned char *)LetsEncrypt_RSA_E, sizeof LetsEncrypt_RSA_E,
+ } }
+ }
+ }
+ ,
+ {
+ { (unsigned char *)AmazonRootCA1_DN, sizeof AmazonRootCA1_DN },
+ BR_X509_TA_CA,
+ {
+ BR_KEYTYPE_RSA,
+ { .rsa = {
+ (unsigned char *)AmazonRootCA1_RSA_N, sizeof AmazonRootCA1_RSA_N,
+ (unsigned char *)AmazonRootCA1_RSA_E, sizeof AmazonRootCA1_RSA_E,
+ } }
+ }
+ }
+};
+
+const size_t Tasmota_TA_size = ARRAY_SIZE(Tasmota_TA);
+
 // we add a separate CA for telegram
 /*********************************************************************************************\
 * GoDaddy Daddy Secure Certificate Authority - G2, RSA 2048 bits SHA 256, valid until 20220523
diff --git a/tasmota/xdrv_01_webserver.ino b/tasmota/xdrv_01_webserver.ino
index 780b79ab5..11e0281b4 100644
--- a/tasmota/xdrv_01_webserver.ino
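Review bot: `Tasmota_TA` merges the Let's Encrypt and Amazon Root CA 1 anchors into one list, so every CA-validated connection now accepts a server certificate chaining to either root, where before each build trusted exactly one; the `// cumulative CA` comment should state that trust decision explicitly, e.g. `// Trust anchors for all CA-validated TLS connections: a server chaining to any root in this list is accepted, so adding an entry widens trust for every USE_MQTT_TLS_CA_CERT build.` `Tasmota_TA_size` is defined here but the caller in xdrv_02_mqtt.ino uses `ARRAY_SIZE(Tasmota_TA)` directly, so one of the two is redundant; either drop the constant or use it at the call site so the count cannot drift from the array. Since root certificates expire and get rotated, a one-line validity note per entry, as the GoDaddy block below already does, would make the next rotation easier to spot.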
+++ b/tasmota/xdrv_01_webserver.ino
@@ -2475,6 +2475,9 @@ void HandleInformation(void)
 if (Settings.flag.mqtt_enabled) { // SetOption3 - Enable MQTT
 WSContentSend_P(PSTR("}1" D_MQTT_HOST "}2%s"), SettingsText(SET_MQTT_HOST));
 WSContentSend_P(PSTR("}1" D_MQTT_PORT "}2%d"), Settings.mqtt_port);
+#ifdef USE_MQTT_TLS
+ WSContentSend_P(PSTR("}1" D_MQTT_TLS_ENABLE "}2%s"), Settings.flag4.mqtt_tls ? PSTR(D_ENABLED) : PSTR(D_DISABLED));
+#endif // USE_MQTT_TLS
 WSContentSend_P(PSTR("}1" D_MQTT_USER "}2%s"), SettingsText(SET_MQTT_USER));
 WSContentSend_P(PSTR("}1" D_MQTT_CLIENT "}2%s"), mqtt_client);
 WSContentSend_P(PSTR("}1" D_MQTT_TOPIC "}2%s"), SettingsText(SET_MQTT_TOPIC));
@@ -2487,6 +2490,7 @@ void HandleInformation(void)
 }
 WSContentSend_P(PSTR("}1" D_MQTT_FULL_TOPIC "}2%s"), GetTopic_P(stopic, CMND, mqtt_topic, ""));
 WSContentSend_P(PSTR("}1" D_MQTT " " D_FALLBACK_TOPIC "}2%s"), GetFallbackTopic_P(stopic, ""));
+ WSContentSend_P(PSTR("}1" D_MQTT_NO_RETAIN "}2%s"), Settings.flag4.mqtt_no_retain ? PSTR(D_ENABLED) : PSTR(D_DISABLED));
 } else {
 WSContentSend_P(PSTR("}1" D_MQTT "}2" D_DISABLED));
 }
diff --git a/tasmota/xdrv_02_mqtt.ino b/tasmota/xdrv_02_mqtt.ino
index a9038a941..767e65b8e 100644
--- a/tasmota/xdrv_02_mqtt.ino
+++ b/tasmota/xdrv_02_mqtt.ino
@@ -24,9 +24,8 @@
 #ifdef USE_MQTT_TLS
 #include "WiFiClientSecureLightBearSSL.h"
 BearSSL::WiFiClientSecure_light *tlsClient;
-#else
- WiFiClient EspClient; // Wifi Client
 #endif
+WiFiClient EspClient; // Wifi Client - non-TLS
 const char kMqttCommands[] PROGMEM = "|" // No prefix
 #if defined(USE_MQTT_TLS) && !defined(USE_MQTT_TLS_CA_CERT)
@@ -58,10 +57,12 @@ struct MQTT {
 uint8_t initial_connection_state = 2; // MQTT connection messages state
 bool connected = false; // MQTT virtual connection status
 bool allowed = false; // MQTT enabled and parameters valid
+ bool tls_private_key = false; // MQTT require a private key before connecting
 } Mqtt;
 #ifdef USE_MQTT_TLS
+// This part of code is necessary to store Private Key and Cert in Flash
 #ifdef USE_MQTT_AWS_IOT
 #include
@@ -139,33 +140,43 @@ void MakeValidMqtt(uint32_t option, char* str)
 #error "MQTT_MAX_PACKET_SIZE is too small in libraries/PubSubClient/src/PubSubClient.h, increase it to at least 1200"
 #endif
-#ifdef USE_MQTT_TLS
 PubSubClient MqttClient;
-#else
-PubSubClient MqttClient(EspClient);
-#endif
 void MqttInit(void) {
 #ifdef USE_MQTT_TLS
- tlsClient = new BearSSL::WiFiClientSecure_light(1024,1024);
+ if ((8883 == Settings.mqtt_port) || (8884 == Settings.mqtt_port)) {
+ // Turn on TLS for port 8883 (TLS) and 8884 (TLS, client certificate)
+ Settings.flag4.mqtt_tls = true;
+ }
+
+ // Detect AWS IoT and set default parameters
+ String host = String(SettingsText(SET_MQTT_HOST));
+ if (host.indexOf(".iot.") && host.endsWith(".amazonaws.com")) { // look for ".iot." and ".amazonaws.com" in the domain name
+ Settings.flag4.mqtt_no_retain = true;
+ Mqtt.tls_private_key = true;
+ }
+
+ if (Settings.flag4.mqtt_tls) {
+ tlsClient = new BearSSL::WiFiClientSecure_light(1024,1024);
 #ifdef USE_MQTT_AWS_IOT
- loadTlsDir(); // load key and certificate data from Flash
- tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
- AWS_IoT_Private_Key,
- 0xFFFF /* all usages, don't care */, 0);
+ loadTlsDir(); // load key and certificate data from Flash
+ tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
+ AWS_IoT_Private_Key,
+ 0xFFFF /* all usages, don't care */, 0);
 #endif
 #ifdef USE_MQTT_TLS_CA_CERT
-#ifdef USE_MQTT_AWS_IOT
- tlsClient->setTrustAnchor(&AmazonRootCA1_TA);
-#else
- tlsClient->setTrustAnchor(&LetsEncryptX3CrossSigned_TA);
-#endif // USE_MQTT_AWS_IOT
+ tlsClient->setTrustAnchor(Tasmota_TA, ARRAY_SIZE(Tasmota_TA));
 #endif // USE_MQTT_TLS_CA_CERT
- MqttClient.setClient(*tlsClient);
+ MqttClient.setClient(*tlsClient);
+ } else {
+ MqttClient.setClient(EspClient); // non-TLS
+ }
+#else // USE_MQTT_TLS
+ MqttClient.setClient(EspClient);
 #endif // USE_MQTT_TLS
 }
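Review bot: The AWS IoT detection `if (host.indexOf(".iot.") && host.endsWith(".amazonaws.com"))` does not test what its comment says: Arduino `String::indexOf` returns -1 when the substring is absent, which is truthy, so the `.iot.` half only fails when the substring sits at index 0 and the condition collapses to the `endsWith` test alone. The intended check is `if ((host.indexOf(".iot.") >= 0) && host.endsWith(".amazonaws.com")) {`. The same block writes `Settings.flag4.mqtt_no_retain = true` and the port test writes `Settings.flag4.mqtt_tls = true` on every init and nothing ever clears them, so a user who turns SetOption104 off, or moves a device from port 8883 to a plain port, gets the flag re-applied at the next boot; a comment stating that both are one-way migrations, or applying them only when the detection result actually changed, would make that behaviour explicit. Note that `tlsClient` is now allocated only when `mqtt_tls` is set here, so every `tlsClient->` use elsewhere has to stay behind the same flag, as the MqttReconnect hunks do.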
@@ -286,12 +297,9 @@ void MqttPublish(const char* topic, bool retained)
 ShowFreeMem(PSTR("MqttPublish"));
 #endif
-#if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT) || defined(MQTT_NO_RETAIN)
-// if (retained) {
-// AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("Retained are not supported by AWS IoT, using retained = false."));
-// }
- retained = false; // AWS IoT does not support retained, it will disconnect if received
-#endif
+ if (Settings.flag4.mqtt_no_retain) {
+ retained = false; // Some brokers don't support retained, they will disconnect if received
+ }
 char sretained[CMDSZ];
 sretained[0] = '\0';
@@ -570,8 +578,10 @@ void MqttReconnect(void)
 }
 #if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
 // don't enable MQTT for AWS IoT if Private Key or Certificate are not set
- if (!AWS_IoT_Private_Key || !AWS_IoT_Client_Certificate) {
- Mqtt.allowed = false;
+ if (Settings.flag4.mqtt_tls && Mqtt.tls_private_key) {
+ if (!AWS_IoT_Private_Key || !AWS_IoT_Client_Certificate) {
+ Mqtt.allowed = false;
+ }
 }
 #endif
 }
@@ -604,7 +614,12 @@ void MqttReconnect(void)
 if (MqttClient.connected()) { MqttClient.disconnect(); }
 #ifdef USE_MQTT_TLS
- tlsClient->stop();
+ if (Settings.flag4.mqtt_tls) {
+ tlsClient->stop();
+ } else {
+ EspClient = WiFiClient(); // Wifi Client reconnect issue 4497 (https://github.com/esp8266/Arduino/issues/4497)
+ MqttClient.setClient(EspClient);
+ }
 #else
 EspClient = WiFiClient(); // Wifi Client reconnect issue 4497 (https://github.com/esp8266/Arduino/issues/4497)
 MqttClient.setClient(EspClient);
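Review bot: In the `Mqtt.allowed` hunk the refusal to connect without an AWS IoT key/certificate is now conditional on `Mqtt.tls_private_key`, which MqttInit derives solely from the broker hostname; an AWS IoT build pointed at an endpoint that does not match that pattern (a custom domain in front of the endpoint, for instance) with no key provisioned is no longer refused up front and proceeds to the `setClientECCert` calls in MqttInit and the later reconnect hunk with whatever `loadTlsDir` left in those pointers, presumably null. It would be safer to keep refusing when a TLS build has no client credentials at all, or at least to log why the connection is skipped, e.g. `AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("AWS IoT private key or certificate not set"));` next to the existing `Mqtt.allowed = false;`. The comment above the block, `// don't enable MQTT for AWS IoT if Private Key or Certificate are not set`, should also mention that the check only applies when the host was detected as AWS IoT. MqttReconnect starts and ends outside this hunk.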
@@ -617,35 +632,47 @@ void MqttReconnect(void)
 MqttClient.setCallback(MqttDataHandler);
 #if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
 // re-assign private keys in case it was updated in between
- tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
- AWS_IoT_Private_Key,
- 0xFFFF /* all usages, don't care */, 0);
+ if (Settings.flag4.mqtt_tls) {
+ tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
+ AWS_IoT_Private_Key,
+ 0xFFFF /* all usages, don't care */, 0);
+ }
 #endif
 MqttClient.setServer(SettingsText(SET_MQTT_HOST), Settings.mqtt_port);
 uint32_t mqtt_connect_time = millis();
 #if defined(USE_MQTT_TLS) && !defined(USE_MQTT_TLS_CA_CERT)
- bool allow_all_fingerprints = false;
- bool learn_fingerprint1 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0x00);
- bool learn_fingerprint2 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0x00);
- allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0xff);
- allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0xff);
- allow_all_fingerprints |= learn_fingerprint1;
- allow_all_fingerprints |= learn_fingerprint2;
- tlsClient->setPubKeyFingerprint(Settings.mqtt_fingerprint[0], Settings.mqtt_fingerprint[1], allow_all_fingerprints);
+ bool allow_all_fingerprints;
+ bool learn_fingerprint1;
+ bool learn_fingerprint2;
+ if (Settings.flag4.mqtt_tls) {
+ allow_all_fingerprints = false;
+ learn_fingerprint1 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0x00);
+ learn_fingerprint2 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0x00);
+ allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0xff);
+ allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0xff);
+ allow_all_fingerprints |= learn_fingerprint1;
+ allow_all_fingerprints |= learn_fingerprint2;
+ tlsClient->setPubKeyFingerprint(Settings.mqtt_fingerprint[0], Settings.mqtt_fingerprint[1], 
allow_all_fingerprints);
+ }
 #endif
+ bool lwt_retain = Settings.flag4.mqtt_no_retain ? false : true; // no retained last will if "no_retain"
 #if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
- AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "AWS IoT endpoint: %s"), SettingsText(SET_MQTT_HOST));
- if (MqttClient.connect(mqtt_client, nullptr, nullptr, stopic, 1, false, mqtt_data, MQTT_CLEAN_SESSION)) {
-#else
- if (MqttClient.connect(mqtt_client, mqtt_user, mqtt_pwd, stopic, 1, true, mqtt_data, MQTT_CLEAN_SESSION)) {
+ if (Settings.flag4.mqtt_tls && Mqtt.tls_private_key) {
+ // If we require private key then we should null user/pwd
+ mqtt_user = nullptr;
+ mqtt_pwd = nullptr;
+ }
 #endif
+
+ if (MqttClient.connect(mqtt_client, mqtt_user, mqtt_pwd, stopic, 1, lwt_retain, mqtt_data, MQTT_CLEAN_SESSION)) {
 #ifdef USE_MQTT_TLS
- AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connected in %d ms, max ThunkStack used %d"),
- millis() - mqtt_connect_time, tlsClient->getMaxThunkStackUse());
- if (!tlsClient->getMFLNStatus()) {
- AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("MFLN not supported by TLS server"));
- }
+ if (Settings.flag4.mqtt_tls) {
+ AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connected in %d ms, max ThunkStack used %d"),
+ millis() - mqtt_connect_time, tlsClient->getMaxThunkStackUse());
+ if (!tlsClient->getMFLNStatus()) {
+ AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("MFLN not supported by TLS server"));
+ }
 #ifndef USE_MQTT_TLS_CA_CERT
 // don't bother with fingerprints if using CA validation
 // **** Start patch Castellucci
 /*
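Review bot: `allow_all_fingerprints`, `learn_fingerprint1` and `learn_fingerprint2` are now declared without initializers and assigned only inside `if (Settings.flag4.mqtt_tls)`; their later reads in the fingerprint-learning block sit under the same guard, so this is not a live bug, but it invites -Wmaybe-uninitialized and fails silently the moment a future read escapes the guard. Declare them `bool allow_all_fingerprints = false;`, `bool learn_fingerprint1 = false;`, `bool learn_fingerprint2 = false;`. On the same lines of style, `bool lwt_retain = !Settings.flag4.mqtt_no_retain;` reads better than the `? false : true` form. The user/password nulling for the client-certificate case is still compiled only under USE_MQTT_AWS_IOT, which is fine since that is the only build that installs a client certificate, but a comment saying so would save the next reader a search. MqttReconnect starts and ends outside the hunk.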
@@ -678,40 +705,43 @@ void MqttReconnect(void)
 }
 }
 */
- const uint8_t *recv_fingerprint = tlsClient->getRecvPubKeyFingerprint();
- // create a printable version of the fingerprint received
- char buf_fingerprint[64];
- ToHex_P(recv_fingerprint, 20, buf_fingerprint, sizeof(buf_fingerprint), ' ');
- AddLog_P2(LOG_LEVEL_DEBUG, PSTR(D_LOG_MQTT "Server fingerprint: %s"), buf_fingerprint);
+ const uint8_t *recv_fingerprint = tlsClient->getRecvPubKeyFingerprint();
+ // create a printable version of the fingerprint received
+ char buf_fingerprint[64];
+ ToHex_P(recv_fingerprint, 20, buf_fingerprint, sizeof(buf_fingerprint), ' ');
+ AddLog_P2(LOG_LEVEL_DEBUG, PSTR(D_LOG_MQTT "Server fingerprint: %s"), buf_fingerprint);
- bool learned = false;
+ bool learned = false;
- // If the fingerprint slot is marked for update, we'll do so.
- // Otherwise, if the fingerprint slot had the magic trust-on-first-use
- // value, we will save the current fingerprint there, but only if the other fingerprint slot
- // *didn't* match it.
- if (recv_fingerprint[20] & 0x1 || (learn_fingerprint1 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[1], 20))) {
- memcpy(Settings.mqtt_fingerprint[0], recv_fingerprint, 20);
- learned = true;
- }
- // As above, but for the other slot.
- if (recv_fingerprint[20] & 0x2 || (learn_fingerprint2 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[0], 20))) {
- memcpy(Settings.mqtt_fingerprint[1], recv_fingerprint, 20);
- learned = true;
- }
+ // If the fingerprint slot is marked for update, we'll do so.
+ // Otherwise, if the fingerprint slot had the magic trust-on-first-use
+ // value, we will save the current fingerprint there, but only if the other fingerprint slot
+ // *didn't* match it.
+ if (recv_fingerprint[20] & 0x1 || (learn_fingerprint1 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[1], 20))) {
+ memcpy(Settings.mqtt_fingerprint[0], recv_fingerprint, 20);
+ learned = true;
+ }
+ // As above, but for the other slot. 
+ if (recv_fingerprint[20] & 0x2 || (learn_fingerprint2 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[0], 20))) {
+ memcpy(Settings.mqtt_fingerprint[1], recv_fingerprint, 20);
+ learned = true;
+ }
- if (learned) {
- AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "Fingerprint learned: %s"), buf_fingerprint);
+ if (learned) {
+ AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "Fingerprint learned: %s"), buf_fingerprint);
- SettingsSaveAll(); // save settings
- }
-// **** End patch Castellucci
+ SettingsSaveAll(); // save settings
+ }
+ // **** End patch Castellucci
 #endif // !USE_MQTT_TLS_CA_CERT
+ }
 #endif // USE_MQTT_TLS
 MqttConnected();
 } else {
 #ifdef USE_MQTT_TLS
- AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connection error: %d"), tlsClient->getLastError());
+ if (Settings.flag4.mqtt_tls) {
+ AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connection error: %d"), tlsClient->getLastError());
+ }
 #endif
 MqttDisconnected(MqttClient.state()); // status codes are documented here http://pubsubclient.knolleary.net/api.html#state
 }
@@ -1251,6 +1281,9 @@ const char HTTP_FORM_MQTT1[] PROGMEM = "
" "

" D_HOST " (" MQTT_HOST ")

" "

" D_PORT " (" STR(MQTT_PORT) ")

" +#ifdef USE_MQTT_TLS + "


" +#endif // USE_MQTT_TLS "

" D_CLIENT " (%s)

"; const char HTTP_FORM_MQTT2[] PROGMEM = "

" D_USER " (" MQTT_USER ")

" @@ -1277,6 +1310,9 @@ void HandleMqttConfiguration(void) WSContentSend_P(HTTP_FORM_MQTT1, SettingsText(SET_MQTT_HOST), Settings.mqtt_port, +#ifdef USE_MQTT_TLS + Settings.flag4.mqtt_tls ? " checked" : "", // SetOption102 - Enable MQTT TLS +#endif // USE_MQTT_TLS Format(str, MQTT_CLIENT_ID, sizeof(str)), MQTT_CLIENT_ID, SettingsText(SET_MQTT_CLIENT)); WSContentSend_P(HTTP_FORM_MQTT2, (!strlen(SettingsText(SET_MQTT_USER))) ? "0" : SettingsText(SET_MQTT_USER), @@ -1309,6 +1345,9 @@ void MqttSaveSettings(void) SettingsUpdateText(SET_MQTT_HOST, (!strlen(tmp)) ? MQTT_HOST : (!strcmp(tmp,"0")) ? "" : tmp); WebGetArg("ml", tmp, sizeof(tmp)); Settings.mqtt_port = (!strlen(tmp)) ? MQTT_PORT : atoi(tmp); +#ifdef USE_MQTT_TLS + Settings.flag4.mqtt_tls = Webserver->hasArg("b3"); // SetOption102 - Enable MQTT TLS +#endif WebGetArg("mc", tmp, sizeof(tmp)); SettingsUpdateText(SET_MQTT_CLIENT, (!strlen(tmp)) ? MQTT_CLIENT_ID : tmp); #if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)