mirror of https://github.com/arendst/Tasmota.git
Merge pull request #9079 from s-hadinger/tls_triple_mode
Change triple-mode TLS via configuration in a single firmware (TLS AWS IoT, Letsencrypt and No-TLS)
This commit is contained in:
Theo Arends
GitHub
commit
12a6d03ca8
|
|
@ -8,6 +8,7 @@
|
|||
- Add Zigbee options to ``ZbSend`` ``Config`` and ``ReadCondig``
|
||||
- Add command ``Restart 2`` to halt system. Needs hardware reset or power cycle to restart (#9046)
|
||||
- Add command ``SetOption102 0/1`` to switch between Teleinfo French Metering mode, legacy 1200 bps (0) or Linky standard 9600 bps (1)
|
||||
- Change triple-mode TLS via configuration in a single firmware (TLS AWS IoT, Letsencrypt and No-TLS)
|
||||
|
||||
### 8.4.0 20200730
|
||||
|
||||
|
|
|
|||
|
|
@ -190,6 +190,7 @@ void WiFiClientSecure_light::_clear() {
|
|||
_chain_P = nullptr;
|
||||
_sk_ec_P = nullptr;
|
||||
_ta_P = nullptr;
|
||||
_ta_size = 0;
|
||||
_max_thunkstack_use = 0;
|
||||
}
|
||||
|
||||
|
|
@ -232,8 +233,9 @@ void WiFiClientSecure_light::setClientECCert(const br_x509_certificate *cert, co
|
|||
_cert_issuer_key_type = cert_issuer_key_type;
|
||||
}
|
||||
|
||||
void WiFiClientSecure_light::setTrustAnchor(const br_x509_trust_anchor *ta) {
|
||||
void WiFiClientSecure_light::setTrustAnchor(const br_x509_trust_anchor *ta, size_t ta_size) {
|
||||
_ta_P = ta;
|
||||
_ta_size = ta_size;
|
||||
}
|
||||
|
||||
void WiFiClientSecure_light::setBufferSizes(int recv, int xmit) {
|
||||
|
|
@ -916,7 +918,7 @@ bool WiFiClientSecure_light::_connectSSL(const char* hostName) {
|
|||
#ifdef USE_MQTT_TLS_CA_CERT
|
||||
x509_minimal = (br_x509_minimal_context*) malloc(sizeof(br_x509_minimal_context));
|
||||
if (!x509_minimal) break;
|
||||
br_x509_minimal_init(x509_minimal, &br_sha256_vtable, _ta_P, 1);
|
||||
br_x509_minimal_init(x509_minimal, &br_sha256_vtable, _ta_P, _ta_size);
|
||||
br_x509_minimal_set_rsa(x509_minimal, br_ssl_engine_get_rsavrfy(_eng));
|
||||
br_x509_minimal_set_hash(x509_minimal, br_sha256_ID, &br_sha256_vtable);
|
||||
br_ssl_engine_set_x509(_eng, &x509_minimal->vtable);
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ class WiFiClientSecure_light : public WiFiClient {
|
|||
void setClientECCert(const br_x509_certificate *cert, const br_ec_private_key *sk,
|
||||
unsigned allowed_usages, unsigned cert_issuer_key_type);
|
||||
|
||||
void setTrustAnchor(const br_x509_trust_anchor *ta);
|
||||
void setTrustAnchor(const br_x509_trust_anchor *ta, size_t ta_size);
|
||||
|
||||
// Sets the requested buffer size for transmit and receive
|
||||
void setBufferSizes(int recv, int xmit);
|
||||
|
|
@ -142,6 +142,7 @@ class WiFiClientSecure_light : public WiFiClient {
|
|||
const br_x509_certificate *_chain_P; // PROGMEM certificate
|
||||
const br_ec_private_key *_sk_ec_P; // PROGMEM private key
|
||||
const br_x509_trust_anchor *_ta_P; // PROGMEM server CA
|
||||
size_t _ta_size;
|
||||
unsigned _allowed_usages;
|
||||
unsigned _cert_issuer_key_type;
|
||||
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Парола на уеб администратора"
|
||||
#define D_MQTT_ENABLE "Активиране на MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Приятелско име"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT топик"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT групов топик"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT пълен топик"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS откриване"
|
||||
#define D_MDNS_ADVERTISE "mDNS известяване"
|
||||
#define D_ESP_CHIP_ID "ID на ESP чипа"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Heslo Web administrátora"
|
||||
#define D_MQTT_ENABLE "MQTT aktivní"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Friendly Name"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Topic MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Topic skupiny MQTT"
|
||||
#define D_MQTT_FULL_TOPIC "Celý topic MQTT"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Získávání mDNS"
|
||||
#define D_MDNS_ADVERTISE "Rozesílání mDNS"
|
||||
#define D_ESP_CHIP_ID "ID systému ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Passwort für Web Oberfläche"
|
||||
#define D_MQTT_ENABLE "MQTT aktivieren"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Name [friendly name]"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Topic"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Full Topic"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS-Ermittlung"
|
||||
#define D_MDNS_ADVERTISE "mDNS-Bekanntmachung"
|
||||
#define D_ESP_CHIP_ID "ESP Chip ID"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Κωδικός διαχειριστή"
|
||||
#define D_MQTT_ENABLE "Ενεργοποίηση MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Φιλική ονομασία"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Topic"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Full Topic"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Discovery"
|
||||
#define D_MDNS_ADVERTISE "mDNS Advertise"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Web Admin Password"
|
||||
#define D_MQTT_ENABLE "MQTT enable"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Friendly Name"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Topic"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Full Topic"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Discovery"
|
||||
#define D_MDNS_ADVERTISE "mDNS Advertise"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Nombre de Dispositivo"
|
||||
#define D_WEB_ADMIN_PASSWORD "Clave Administrador Web"
|
||||
#define D_MQTT_ENABLE "Habilitar MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Nombre Amigable"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Topic MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Group Topic MQTT"
|
||||
#define D_MQTT_FULL_TOPIC "Full Topic MQTT"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Discovery"
|
||||
#define D_MDNS_ADVERTISE "mDNS Advertise"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Mot de passe Web Admin"
|
||||
#define D_MQTT_ENABLE "MQTT activé"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Surnom"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Topic MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Groupe topic MQTT"
|
||||
#define D_MQTT_FULL_TOPIC "Topic complet MQTT"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Découverte mDNS"
|
||||
#define D_MDNS_ADVERTISE "Annonce mDNS"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "סיסמת מנהל"
|
||||
#define D_MQTT_ENABLE "MQTT אפשר"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "שם ידידותי"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT נושא"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT נושא קבוצת"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT נושא מלא"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS זיהוי"
|
||||
#define D_MDNS_ADVERTISE "mDNS פרסום"
|
||||
#define D_ESP_CHIP_ID "ESP מס' רכיב"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Web admin jelszó"
|
||||
#define D_MQTT_ENABLE "MQTT engedélyezése"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Név"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT topic"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT csoport topic"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT teljes topic"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS láthatóság"
|
||||
#define D_MDNS_ADVERTISE "mDNS hirdetés"
|
||||
#define D_ESP_CHIP_ID "ESP chip ID"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Nome dispositivo"
|
||||
#define D_WEB_ADMIN_PASSWORD "Password amministratore web"
|
||||
#define D_MQTT_ENABLE "Abilita MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Nome amichevole"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Bridge Hue"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Topic MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Gruppo topic MQTT"
|
||||
#define D_MQTT_FULL_TOPIC "Full topic MQTT"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Ricerca mDNS"
|
||||
#define D_MDNS_ADVERTISE "Notifica mDNS"
|
||||
#define D_ESP_CHIP_ID "ID chip ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Web Admin 비밀번호"
|
||||
#define D_MQTT_ENABLE "MQTT 사용"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Friendly Name"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Topic"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Group Topic"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Full Topic"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Discovery"
|
||||
#define D_MDNS_ADVERTISE "mDNS Advertise"
|
||||
#define D_ESP_CHIP_ID "ESP 칩 Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Apparaatnaam"
|
||||
#define D_WEB_ADMIN_PASSWORD "Web Admin Wachtwoord"
|
||||
#define D_MQTT_ENABLE "MQTT ingeschakeld"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Beschrijvende naam"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Topic"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Groep Topic"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Volledig Topic"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Discovery"
|
||||
#define D_MDNS_ADVERTISE "mDNS Advertise"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Hasło administratora"
|
||||
#define D_MQTT_ENABLE "Załącz MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Nazwa"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Mostek Hue"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Temat"
|
||||
#define D_MQTT_GROUP_TOPIC "Temat grupy"
|
||||
#define D_MQTT_FULL_TOPIC "Pełny temat"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Wykrywanie mDNS"
|
||||
#define D_MDNS_ADVERTISE "Rozgłaszanie mDNS"
|
||||
#define D_ESP_CHIP_ID "ID ukladu ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Senha de WEB Admin"
|
||||
#define D_MQTT_ENABLE "MQTT habilitado"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Nome amigável"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Tópico"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Tópico Grupo"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Tópico Completo"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Descobrir mDNS"
|
||||
#define D_MDNS_ADVERTISE "Anunciar mDNS"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Palavra Chave do Admin WEB"
|
||||
#define D_MQTT_ENABLE "MQTT habilitado"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Nome amigável"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Tópico MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Tópico MQTT de Grupo"
|
||||
#define D_MQTT_FULL_TOPIC "Tópico MQTT Completo"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Descobrir mDNS"
|
||||
#define D_MDNS_ADVERTISE "Anunciar mDNS"
|
||||
#define D_ESP_CHIP_ID "ID do chip ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Parolă Web Admin"
|
||||
#define D_MQTT_ENABLE "Activare MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Friendly Name"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Subiect MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Subiect Grup MQTT"
|
||||
#define D_MQTT_FULL_TOPIC "Subiect Întreg MQTT"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Descoperă mDNS"
|
||||
#define D_MDNS_ADVERTISE "Publică mDNS"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Пароль Web администратора"
|
||||
#define D_MQTT_ENABLE "MQTT активен"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Дружественное Имя"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Топик"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Топик группы"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Топик полный"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Обнаружение"
|
||||
#define D_MDNS_ADVERTISE "mDNS Транcляция"
|
||||
#define D_ESP_CHIP_ID "ID чипа ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Heslo Web administrátora"
|
||||
#define D_MQTT_ENABLE "MQTT aktívne"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Friendly Name"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "Topic MQTT"
|
||||
#define D_MQTT_GROUP_TOPIC "Topic skupiny MQTT"
|
||||
#define D_MQTT_FULL_TOPIC "Celý topic MQTT"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "Získavanie mDNS"
|
||||
#define D_MDNS_ADVERTISE "Rozosielanie mDNS"
|
||||
#define D_ESP_CHIP_ID "ID systému ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Webbadmin-lösenord"
|
||||
#define D_MQTT_ENABLE "MQTT aktivera"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Läsbart namn"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT-ämne"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT gruppämne"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT fullt ämne"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS upptäckning"
|
||||
#define D_MDNS_ADVERTISE "mDNS annonsering"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Web Yönetici Şifresi"
|
||||
#define D_MQTT_ENABLE "MQTT aktif"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Kullanıcı Dostu İsim"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Hue Bridge"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Topiği"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Grup Topiği"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Full Topik"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Keşfi"
|
||||
#define D_MDNS_ADVERTISE "mDNS Yayını"
|
||||
#define D_ESP_CHIP_ID "ESP Chip Id"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "Гасло адміністратора Web"
|
||||
#define D_MQTT_ENABLE "MQTT активний"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "Дружня назва"
|
||||
#define D_BELKIN_WEMO "Belkin WeMo"
|
||||
#define D_HUE_BRIDGE "Міст Hue"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT Топік"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT Топік групи"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT Топік повний"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS Виявлення"
|
||||
#define D_MDNS_ADVERTISE "mDNS Анонс"
|
||||
#define D_ESP_CHIP_ID "ID чипу ESP"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "Device Name"
|
||||
#define D_WEB_ADMIN_PASSWORD "WEB 管理密码"
|
||||
#define D_MQTT_ENABLE "启用MQTT"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "昵称"
|
||||
#define D_BELKIN_WEMO "贝尔金 WeMo"
|
||||
#define D_HUE_BRIDGE "飞利浦 Hue 网桥"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT 主题"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT 主题组"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT 完整主题"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS 发现"
|
||||
#define D_MDNS_ADVERTISE "mDNS 广播"
|
||||
#define D_ESP_CHIP_ID "ESP 芯片 ID"
|
||||
|
|
|
|||
|
|
@ -307,6 +307,7 @@
|
|||
#define D_DEVICE_NAME "裝置名稱"
|
||||
#define D_WEB_ADMIN_PASSWORD "網頁上的管理員密碼"
|
||||
#define D_MQTT_ENABLE "MQTT的啟用"
|
||||
#define D_MQTT_TLS_ENABLE "MQTT TLS"
|
||||
#define D_FRIENDLY_NAME "暱稱"
|
||||
#define D_BELKIN_WEMO "貝爾金 WeMo"
|
||||
#define D_HUE_BRIDGE "Hue 橋接器"
|
||||
|
|
@ -335,6 +336,7 @@
|
|||
#define D_MQTT_TOPIC "MQTT 主題(Topic)"
|
||||
#define D_MQTT_GROUP_TOPIC "MQTT 群組主題"
|
||||
#define D_MQTT_FULL_TOPIC "MQTT 完整主題"
|
||||
#define D_MQTT_NO_RETAIN "MQTT No Retain"
|
||||
#define D_MDNS_DISCOVERY "mDNS 探索"
|
||||
#define D_MDNS_ADVERTISE "mDNS 廣播"
|
||||
#define D_ESP_CHIP_ID "ESP晶片ID"
|
||||
|
|
|
|||
|
|
@ -122,8 +122,8 @@ typedef union { // Restricted by MISRA-C Rule 18.4 bu
|
|||
uint32_t remove_zbreceived : 1; // bit 18 (v8.3.1.7) - SetOption100 - Remove ZbReceived form JSON message
|
||||
uint32_t zb_index_ep : 1; // bit 19 (v8.3.1.7) - SetOption101 - Add the source endpoint as suffix to attributes, ex `Power3` instead of `Power` if sent from endpoint 3
|
||||
uint32_t teleinfo_baudrate : 1; // bit 20 (v8.4.0.1) - SetOption102 - Set Baud rate for Teleinfo communication (0 = 1200 or 1 = 9600)
|
||||
uint32_t spare21 : 1;
|
||||
uint32_t spare22 : 1;
|
||||
uint32_t mqtt_tls : 1; // bit 21 (v8.4.0.1) - SetOption103 - Enable TLS mode (requires TLS version)
|
||||
uint32_t mqtt_no_retain : 1; // bit 22 (v8.4.0.1) - SetOption104 - No Retain - disable all MQTT retained messages, some brokers don't support it: AWS IoT, Losant
|
||||
uint32_t spare23 : 1;
|
||||
uint32_t spare24 : 1;
|
||||
uint32_t spare25 : 1;
|
||||
|
|
|
|||
|
|
@ -905,6 +905,8 @@ void CmndSetoption(void)
|
|||
case 6: // SetOption88 - PWM Dimmer Buttons control remote devices
|
||||
case 15: // SetOption97 - Set Baud rate for TuyaMCU serial communication (0 = 9600 or 1 = 115200)
|
||||
case 20: // SetOption102 - Set Baud rate for Teleinfo serial communication (0 = 1200 or 1 = 9600)
|
||||
case 21: // SetOption103 - Enable TLS mode (requires TLS version)
|
||||
case 22: // SetOption104 - No Retain - disable all MQTT retained messages, some brokers don't support it: AWS IoT, Losant
|
||||
restart_flag = 2;
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -146,6 +146,35 @@ const br_x509_trust_anchor PROGMEM AmazonRootCA1_TA = {
|
|||
}
|
||||
};
|
||||
|
||||
// cumulative CA
|
||||
const br_x509_trust_anchor PROGMEM Tasmota_TA[] = {
|
||||
{
|
||||
{ (unsigned char *)LetsEncrypt_DN, sizeof LetsEncrypt_DN },
|
||||
BR_X509_TA_CA,
|
||||
{
|
||||
BR_KEYTYPE_RSA,
|
||||
{ .rsa = {
|
||||
(unsigned char *)LetsEncrypt_RSA_N, sizeof LetsEncrypt_RSA_N,
|
||||
(unsigned char *)LetsEncrypt_RSA_E, sizeof LetsEncrypt_RSA_E,
|
||||
} }
|
||||
}
|
||||
}
|
||||
,
|
||||
{
|
||||
{ (unsigned char *)AmazonRootCA1_DN, sizeof AmazonRootCA1_DN },
|
||||
BR_X509_TA_CA,
|
||||
{
|
||||
BR_KEYTYPE_RSA,
|
||||
{ .rsa = {
|
||||
(unsigned char *)AmazonRootCA1_RSA_N, sizeof AmazonRootCA1_RSA_N,
|
||||
(unsigned char *)AmazonRootCA1_RSA_E, sizeof AmazonRootCA1_RSA_E,
|
||||
} }
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
const size_t Tasmota_TA_size = ARRAY_SIZE(Tasmota_TA);
|
||||
|
||||
// we add a separate CA for telegram
|
||||
/*********************************************************************************************\
|
||||
* GoDaddy Daddy Secure Certificate Authority - G2, RSA 2048 bits SHA 256, valid until 20220523
|
||||
|
|
|
|||
|
|
@ -2475,6 +2475,9 @@ void HandleInformation(void)
|
|||
if (Settings.flag.mqtt_enabled) { // SetOption3 - Enable MQTT
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_HOST "}2%s"), SettingsText(SET_MQTT_HOST));
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_PORT "}2%d"), Settings.mqtt_port);
|
||||
#ifdef USE_MQTT_TLS
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_TLS_ENABLE "}2%s"), Settings.flag4.mqtt_tls ? PSTR(D_ENABLED) : PSTR(D_DISABLED));
|
||||
#endif // USE_MQTT_TLS
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_USER "}2%s"), SettingsText(SET_MQTT_USER));
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_CLIENT "}2%s"), mqtt_client);
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_TOPIC "}2%s"), SettingsText(SET_MQTT_TOPIC));
|
||||
|
|
@ -2487,6 +2490,7 @@ void HandleInformation(void)
|
|||
}
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_FULL_TOPIC "}2%s"), GetTopic_P(stopic, CMND, mqtt_topic, ""));
|
||||
WSContentSend_P(PSTR("}1" D_MQTT " " D_FALLBACK_TOPIC "}2%s"), GetFallbackTopic_P(stopic, ""));
|
||||
WSContentSend_P(PSTR("}1" D_MQTT_NO_RETAIN "}2%s"), Settings.flag4.mqtt_no_retain ? PSTR(D_ENABLED) : PSTR(D_DISABLED));
|
||||
} else {
|
||||
WSContentSend_P(PSTR("}1" D_MQTT "}2" D_DISABLED));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,9 +24,8 @@
|
|||
#ifdef USE_MQTT_TLS
|
||||
#include "WiFiClientSecureLightBearSSL.h"
|
||||
BearSSL::WiFiClientSecure_light *tlsClient;
|
||||
#else
|
||||
WiFiClient EspClient; // Wifi Client
|
||||
#endif
|
||||
WiFiClient EspClient; // Wifi Client - non-TLS
|
||||
|
||||
const char kMqttCommands[] PROGMEM = "|" // No prefix
|
||||
#if defined(USE_MQTT_TLS) && !defined(USE_MQTT_TLS_CA_CERT)
|
||||
|
|
@ -58,10 +57,12 @@ struct MQTT {
|
|||
uint8_t initial_connection_state = 2; // MQTT connection messages state
|
||||
bool connected = false; // MQTT virtual connection status
|
||||
bool allowed = false; // MQTT enabled and parameters valid
|
||||
bool tls_private_key = false; // MQTT require a private key before connecting
|
||||
} Mqtt;
|
||||
|
||||
#ifdef USE_MQTT_TLS
|
||||
|
||||
// This part of code is necessary to store Private Key and Cert in Flash
|
||||
#ifdef USE_MQTT_AWS_IOT
|
||||
#include <base64.hpp>
|
||||
|
||||
|
|
@ -139,33 +140,43 @@ void MakeValidMqtt(uint32_t option, char* str)
|
|||
#error "MQTT_MAX_PACKET_SIZE is too small in libraries/PubSubClient/src/PubSubClient.h, increase it to at least 1200"
|
||||
#endif
|
||||
|
||||
#ifdef USE_MQTT_TLS
|
||||
PubSubClient MqttClient;
|
||||
#else
|
||||
PubSubClient MqttClient(EspClient);
|
||||
#endif
|
||||
|
||||
void MqttInit(void)
|
||||
{
|
||||
#ifdef USE_MQTT_TLS
|
||||
tlsClient = new BearSSL::WiFiClientSecure_light(1024,1024);
|
||||
if ((8883 == Settings.mqtt_port) || (8884 == Settings.mqtt_port)) {
|
||||
// Turn on TLS for port 8883 (TLS) and 8884 (TLS, client certificate)
|
||||
Settings.flag4.mqtt_tls = true;
|
||||
}
|
||||
|
||||
// Detect AWS IoT and set default parameters
|
||||
String host = String(SettingsText(SET_MQTT_HOST));
|
||||
if (host.indexOf(".iot.") && host.endsWith(".amazonaws.com")) { // look for ".iot." and ".amazonaws.com" in the domain name
|
||||
Settings.flag4.mqtt_no_retain = true;
|
||||
Mqtt.tls_private_key = true;
|
||||
}
|
||||
|
||||
if (Settings.flag4.mqtt_tls) {
|
||||
tlsClient = new BearSSL::WiFiClientSecure_light(1024,1024);
|
||||
|
||||
#ifdef USE_MQTT_AWS_IOT
|
||||
loadTlsDir(); // load key and certificate data from Flash
|
||||
tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
|
||||
AWS_IoT_Private_Key,
|
||||
0xFFFF /* all usages, don't care */, 0);
|
||||
loadTlsDir(); // load key and certificate data from Flash
|
||||
tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
|
||||
AWS_IoT_Private_Key,
|
||||
0xFFFF /* all usages, don't care */, 0);
|
||||
#endif
|
||||
|
||||
#ifdef USE_MQTT_TLS_CA_CERT
|
||||
#ifdef USE_MQTT_AWS_IOT
|
||||
tlsClient->setTrustAnchor(&AmazonRootCA1_TA);
|
||||
#else
|
||||
tlsClient->setTrustAnchor(&LetsEncryptX3CrossSigned_TA);
|
||||
#endif // USE_MQTT_AWS_IOT
|
||||
tlsClient->setTrustAnchor(Tasmota_TA, ARRAY_SIZE(Tasmota_TA));
|
||||
#endif // USE_MQTT_TLS_CA_CERT
|
||||
|
||||
MqttClient.setClient(*tlsClient);
|
||||
MqttClient.setClient(*tlsClient);
|
||||
} else {
|
||||
MqttClient.setClient(EspClient); // non-TLS
|
||||
}
|
||||
#else // USE_MQTT_TLS
|
||||
MqttClient.setClient(EspClient);
|
||||
#endif // USE_MQTT_TLS
|
||||
}
|
||||
|
||||
|
|
@ -286,12 +297,9 @@ void MqttPublish(const char* topic, bool retained)
|
|||
ShowFreeMem(PSTR("MqttPublish"));
|
||||
#endif
|
||||
|
||||
#if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT) || defined(MQTT_NO_RETAIN)
|
||||
// if (retained) {
|
||||
// AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("Retained are not supported by AWS IoT, using retained = false."));
|
||||
// }
|
||||
retained = false; // AWS IoT does not support retained, it will disconnect if received
|
||||
#endif
|
||||
if (Settings.flag4.mqtt_no_retain) {
|
||||
retained = false; // Some brokers don't support retained, they will disconnect if received
|
||||
}
|
||||
|
||||
char sretained[CMDSZ];
|
||||
sretained[0] = '\0';
|
||||
|
|
@ -570,8 +578,10 @@ void MqttReconnect(void)
|
|||
}
|
||||
#if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
|
||||
// don't enable MQTT for AWS IoT if Private Key or Certificate are not set
|
||||
if (!AWS_IoT_Private_Key || !AWS_IoT_Client_Certificate) {
|
||||
Mqtt.allowed = false;
|
||||
if (Settings.flag4.mqtt_tls && Mqtt.tls_private_key) {
|
||||
if (!AWS_IoT_Private_Key || !AWS_IoT_Client_Certificate) {
|
||||
Mqtt.allowed = false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
|
@ -604,7 +614,12 @@ void MqttReconnect(void)
|
|||
|
||||
if (MqttClient.connected()) { MqttClient.disconnect(); }
|
||||
#ifdef USE_MQTT_TLS
|
||||
tlsClient->stop();
|
||||
if (Settings.flag4.mqtt_tls) {
|
||||
tlsClient->stop();
|
||||
} else {
|
||||
EspClient = WiFiClient(); // Wifi Client reconnect issue 4497 (https://github.com/esp8266/Arduino/issues/4497)
|
||||
MqttClient.setClient(EspClient);
|
||||
}
|
||||
#else
|
||||
EspClient = WiFiClient(); // Wifi Client reconnect issue 4497 (https://github.com/esp8266/Arduino/issues/4497)
|
||||
MqttClient.setClient(EspClient);
|
||||
|
|
@ -617,35 +632,47 @@ void MqttReconnect(void)
|
|||
MqttClient.setCallback(MqttDataHandler);
|
||||
#if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
|
||||
// re-assign private keys in case it was updated in between
|
||||
tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
|
||||
AWS_IoT_Private_Key,
|
||||
0xFFFF /* all usages, don't care */, 0);
|
||||
if (Settings.flag4.mqtt_tls) {
|
||||
tlsClient->setClientECCert(AWS_IoT_Client_Certificate,
|
||||
AWS_IoT_Private_Key,
|
||||
0xFFFF /* all usages, don't care */, 0);
|
||||
}
|
||||
#endif
|
||||
MqttClient.setServer(SettingsText(SET_MQTT_HOST), Settings.mqtt_port);
|
||||
|
||||
uint32_t mqtt_connect_time = millis();
|
||||
#if defined(USE_MQTT_TLS) && !defined(USE_MQTT_TLS_CA_CERT)
|
||||
bool allow_all_fingerprints = false;
|
||||
bool learn_fingerprint1 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0x00);
|
||||
bool learn_fingerprint2 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0x00);
|
||||
allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0xff);
|
||||
allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0xff);
|
||||
allow_all_fingerprints |= learn_fingerprint1;
|
||||
allow_all_fingerprints |= learn_fingerprint2;
|
||||
tlsClient->setPubKeyFingerprint(Settings.mqtt_fingerprint[0], Settings.mqtt_fingerprint[1], allow_all_fingerprints);
|
||||
bool allow_all_fingerprints;
|
||||
bool learn_fingerprint1;
|
||||
bool learn_fingerprint2;
|
||||
if (Settings.flag4.mqtt_tls) {
|
||||
allow_all_fingerprints = false;
|
||||
learn_fingerprint1 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0x00);
|
||||
learn_fingerprint2 = is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0x00);
|
||||
allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[0], 0xff);
|
||||
allow_all_fingerprints |= is_fingerprint_mono_value(Settings.mqtt_fingerprint[1], 0xff);
|
||||
allow_all_fingerprints |= learn_fingerprint1;
|
||||
allow_all_fingerprints |= learn_fingerprint2;
|
||||
tlsClient->setPubKeyFingerprint(Settings.mqtt_fingerprint[0], Settings.mqtt_fingerprint[1], allow_all_fingerprints);
|
||||
}
|
||||
#endif
|
||||
bool lwt_retain = Settings.flag4.mqtt_no_retain ? false : true; // no retained last will if "no_retain"
|
||||
#if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "AWS IoT endpoint: %s"), SettingsText(SET_MQTT_HOST));
|
||||
if (MqttClient.connect(mqtt_client, nullptr, nullptr, stopic, 1, false, mqtt_data, MQTT_CLEAN_SESSION)) {
|
||||
#else
|
||||
if (MqttClient.connect(mqtt_client, mqtt_user, mqtt_pwd, stopic, 1, true, mqtt_data, MQTT_CLEAN_SESSION)) {
|
||||
if (Settings.flag4.mqtt_tls && Mqtt.tls_private_key) {
|
||||
// If we require private key then we should null user/pwd
|
||||
mqtt_user = nullptr;
|
||||
mqtt_pwd = nullptr;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (MqttClient.connect(mqtt_client, mqtt_user, mqtt_pwd, stopic, 1, lwt_retain, mqtt_data, MQTT_CLEAN_SESSION)) {
|
||||
#ifdef USE_MQTT_TLS
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connected in %d ms, max ThunkStack used %d"),
|
||||
millis() - mqtt_connect_time, tlsClient->getMaxThunkStackUse());
|
||||
if (!tlsClient->getMFLNStatus()) {
|
||||
AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("MFLN not supported by TLS server"));
|
||||
}
|
||||
if (Settings.flag4.mqtt_tls) {
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connected in %d ms, max ThunkStack used %d"),
|
||||
millis() - mqtt_connect_time, tlsClient->getMaxThunkStackUse());
|
||||
if (!tlsClient->getMFLNStatus()) {
|
||||
AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR("MFLN not supported by TLS server"));
|
||||
}
|
||||
#ifndef USE_MQTT_TLS_CA_CERT // don't bother with fingerprints if using CA validation
|
||||
// **** Start patch Castellucci
|
||||
/*
|
||||
|
|
@ -678,40 +705,43 @@ void MqttReconnect(void)
|
|||
}
|
||||
}
|
||||
*/
|
||||
const uint8_t *recv_fingerprint = tlsClient->getRecvPubKeyFingerprint();
|
||||
// create a printable version of the fingerprint received
|
||||
char buf_fingerprint[64];
|
||||
ToHex_P(recv_fingerprint, 20, buf_fingerprint, sizeof(buf_fingerprint), ' ');
|
||||
AddLog_P2(LOG_LEVEL_DEBUG, PSTR(D_LOG_MQTT "Server fingerprint: %s"), buf_fingerprint);
|
||||
const uint8_t *recv_fingerprint = tlsClient->getRecvPubKeyFingerprint();
|
||||
// create a printable version of the fingerprint received
|
||||
char buf_fingerprint[64];
|
||||
ToHex_P(recv_fingerprint, 20, buf_fingerprint, sizeof(buf_fingerprint), ' ');
|
||||
AddLog_P2(LOG_LEVEL_DEBUG, PSTR(D_LOG_MQTT "Server fingerprint: %s"), buf_fingerprint);
|
||||
|
||||
bool learned = false;
|
||||
bool learned = false;
|
||||
|
||||
// If the fingerprint slot is marked for update, we'll do so.
|
||||
// Otherwise, if the fingerprint slot had the magic trust-on-first-use
|
||||
// value, we will save the current fingerprint there, but only if the other fingerprint slot
|
||||
// *didn't* match it.
|
||||
if (recv_fingerprint[20] & 0x1 || (learn_fingerprint1 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[1], 20))) {
|
||||
memcpy(Settings.mqtt_fingerprint[0], recv_fingerprint, 20);
|
||||
learned = true;
|
||||
}
|
||||
// As above, but for the other slot.
|
||||
if (recv_fingerprint[20] & 0x2 || (learn_fingerprint2 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[0], 20))) {
|
||||
memcpy(Settings.mqtt_fingerprint[1], recv_fingerprint, 20);
|
||||
learned = true;
|
||||
}
|
||||
// If the fingerprint slot is marked for update, we'll do so.
|
||||
// Otherwise, if the fingerprint slot had the magic trust-on-first-use
|
||||
// value, we will save the current fingerprint there, but only if the other fingerprint slot
|
||||
// *didn't* match it.
|
||||
if (recv_fingerprint[20] & 0x1 || (learn_fingerprint1 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[1], 20))) {
|
||||
memcpy(Settings.mqtt_fingerprint[0], recv_fingerprint, 20);
|
||||
learned = true;
|
||||
}
|
||||
// As above, but for the other slot.
|
||||
if (recv_fingerprint[20] & 0x2 || (learn_fingerprint2 && 0 != memcmp(recv_fingerprint, Settings.mqtt_fingerprint[0], 20))) {
|
||||
memcpy(Settings.mqtt_fingerprint[1], recv_fingerprint, 20);
|
||||
learned = true;
|
||||
}
|
||||
|
||||
if (learned) {
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "Fingerprint learned: %s"), buf_fingerprint);
|
||||
if (learned) {
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "Fingerprint learned: %s"), buf_fingerprint);
|
||||
|
||||
SettingsSaveAll(); // save settings
|
||||
}
|
||||
// **** End patch Castellucci
|
||||
SettingsSaveAll(); // save settings
|
||||
}
|
||||
// **** End patch Castellucci
|
||||
#endif // !USE_MQTT_TLS_CA_CERT
|
||||
}
|
||||
#endif // USE_MQTT_TLS
|
||||
MqttConnected();
|
||||
} else {
|
||||
#ifdef USE_MQTT_TLS
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connection error: %d"), tlsClient->getLastError());
|
||||
if (Settings.flag4.mqtt_tls) {
|
||||
AddLog_P2(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "TLS connection error: %d"), tlsClient->getLastError());
|
||||
}
|
||||
#endif
|
||||
MqttDisconnected(MqttClient.state()); // status codes are documented here http://pubsubclient.knolleary.net/api.html#state
|
||||
}
|
||||
|
|
@ -1251,6 +1281,9 @@ const char HTTP_FORM_MQTT1[] PROGMEM =
|
|||
"<form method='get' action='" WEB_HANDLE_MQTT "'>"
|
||||
"<p><b>" D_HOST "</b> (" MQTT_HOST ")<br><input id='mh' placeholder=\"" MQTT_HOST "\" value=\"%s\"></p>"
|
||||
"<p><b>" D_PORT "</b> (" STR(MQTT_PORT) ")<br><input id='ml' placeholder='" STR(MQTT_PORT) "' value='%d'></p>"
|
||||
#ifdef USE_MQTT_TLS
|
||||
"<p><label><input id='b3' type='checkbox'%s><b>" D_MQTT_TLS_ENABLE "</b></label><br>"
|
||||
#endif // USE_MQTT_TLS
|
||||
"<p><b>" D_CLIENT "</b> (%s)<br><input id='mc' placeholder=\"%s\" value=\"%s\"></p>";
|
||||
const char HTTP_FORM_MQTT2[] PROGMEM =
|
||||
"<p><b>" D_USER "</b> (" MQTT_USER ")<br><input id='mu' placeholder=\"" MQTT_USER "\" value=\"%s\"></p>"
|
||||
|
|
@ -1277,6 +1310,9 @@ void HandleMqttConfiguration(void)
|
|||
WSContentSend_P(HTTP_FORM_MQTT1,
|
||||
SettingsText(SET_MQTT_HOST),
|
||||
Settings.mqtt_port,
|
||||
#ifdef USE_MQTT_TLS
|
||||
Settings.flag4.mqtt_tls ? " checked" : "", // SetOption102 - Enable MQTT TLS
|
||||
#endif // USE_MQTT_TLS
|
||||
Format(str, MQTT_CLIENT_ID, sizeof(str)), MQTT_CLIENT_ID, SettingsText(SET_MQTT_CLIENT));
|
||||
WSContentSend_P(HTTP_FORM_MQTT2,
|
||||
(!strlen(SettingsText(SET_MQTT_USER))) ? "0" : SettingsText(SET_MQTT_USER),
|
||||
|
|
@ -1309,6 +1345,9 @@ void MqttSaveSettings(void)
|
|||
SettingsUpdateText(SET_MQTT_HOST, (!strlen(tmp)) ? MQTT_HOST : (!strcmp(tmp,"0")) ? "" : tmp);
|
||||
WebGetArg("ml", tmp, sizeof(tmp));
|
||||
Settings.mqtt_port = (!strlen(tmp)) ? MQTT_PORT : atoi(tmp);
|
||||
#ifdef USE_MQTT_TLS
|
||||
Settings.flag4.mqtt_tls = Webserver->hasArg("b3"); // SetOption102 - Enable MQTT TLS
|
||||
#endif
|
||||
WebGetArg("mc", tmp, sizeof(tmp));
|
||||
SettingsUpdateText(SET_MQTT_CLIENT, (!strlen(tmp)) ? MQTT_CLIENT_ID : tmp);
|
||||
#if defined(USE_MQTT_TLS) && defined(USE_MQTT_AWS_IOT)
|
||||
|
|
|
|||
Loading…
Reference in New Issue