From c963900709ee8fe014ce71c670a5aea1dfff6055 Mon Sep 17 00:00:00 2001
From: Mike <7153163+hackbar@users.noreply.github.com>
Date: Thu, 17 Jan 2019 19:09:58 -0800
Subject: [PATCH] If the MDNS hostname is set, use it to verify the cert name.
---
sonoff/xdrv_02_mqtt.ino | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/sonoff/xdrv_02_mqtt.ino b/sonoff/xdrv_02_mqtt.ino
index 4321cb7b0..0b903f463 100644
--- a/sonoff/xdrv_02_mqtt.ino
+++ b/sonoff/xdrv_02_mqtt.ino
@@ -495,7 +495,19 @@ boolean MqttCheckTls(void)
 AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_VERIFIED "2"));
 result = true;
 }
-#endif
+#ifdef MDNS_HOSTNAME
+ // If the hostname is set, check that as well.
+ // This lets certs with the hostname for the CN be used.
+ else if (EspClient.verify(fingerprint1, MDNS_HOSTNAME)) {
+ AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_VERIFIED "1"));
+ result = true;
+ }
+ else if (EspClient.verify(fingerprint2, MDNS_HOSTNAME)) {
+ AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_VERIFIED "2"));
+ result = true;
+ }
+#endif // MDNS_HOSTNAME
+#endif // USE_MQTT_TLS_CA_CERT
 }
 if (!result) AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_FAILED));
 EspClient.stop();
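Review bot: The two new `else if` branches log the same `D_VERIFIED "1"` / `D_VERIFIED "2"` messages as the branches before them, so the log cannot show that the certificate name was matched against the compile-time `MDNS_HOSTNAME` rather than the name checked earlier (those earlier branches start outside the hunk and presumably use the configured MQTT host). This fallback relaxes the name check while still requiring a pinned fingerprint to match, so it should be visible in the log, for example `AddLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_VERIFIED "1 (MDNS_HOSTNAME)"));` and likewise for "2". The added comment should also say whose hostname this is and that the pin still applies, e.g. `// Fallback: fingerprint must still match; only the expected cert name changes to MDNS_HOSTNAME.`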