From be46b95d62acc8bb466ed421fdf82cd22d4a19de Mon Sep 17 00:00:00 2001 From: s-hadinger <49731213+s-hadinger@users.noreply.github.com> Date: Thu, 19 Sep 2024 23:12:46 +0200 Subject: [PATCH] MQTT add warning if trying to connect without TLS on a port that normally uses TLS (#22175) --- CHANGELOG.md | 1 + tasmota/tasmota_xdrv_driver/xdrv_02_9_mqtt.ino | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7406073d1..570671c48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file. - Support for RX8010 RTC as used in IOTTIMER (#21376) - ESP8266 experimental support for second I2C bus - Berry improve `int64` constructor +- MQTT add warning if trying to connect without TLS on a port that normally uses TLS ### Breaking Changed diff --git a/tasmota/tasmota_xdrv_driver/xdrv_02_9_mqtt.ino b/tasmota/tasmota_xdrv_driver/xdrv_02_9_mqtt.ino index a9bbfef73..0f05631a3 100644 --- a/tasmota/tasmota_xdrv_driver/xdrv_02_9_mqtt.ino +++ b/tasmota/tasmota_xdrv_driver/xdrv_02_9_mqtt.ino @@ -177,6 +177,19 @@ void MqttDisableLogging(bool state) { TasmotaGlobal.masterlog_level = (Mqtt.disable_logging) ? LOG_LEVEL_DEBUG_MORE : LOG_LEVEL_NONE; } +// The following emits a warning if the connection is non-TLS on a TLS port +// this makes troubleshooting easier +// This function is called only when a non-TLS connection is detected +void MqttNonTLSWarning(void) { +#ifndef FIRMWARE_MINIMAL // not needed in MINIMAL firmware + if ((443 == Settings->mqtt_port) || + (8883 == Settings->mqtt_port ) || + (8443 == Settings->mqtt_port)) { + AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "Warning non-TLS connection on TLS port %d"), Settings->mqtt_port); + } +#endif // FIRMWARE_MINIMAL +} + /*********************************************************************************************\ * MQTT driver specific code need to provide the following functions: * @@ -253,9 +266,11 @@ void MqttInit(void) { MqttClient.setClient(*tlsClient); } else { MqttClient.setClient(EspClient); // non-TLS + MqttNonTLSWarning(); } #else // USE_MQTT_TLS MqttClient.setClient(EspClient); + MqttNonTLSWarning(); #endif // USE_MQTT_TLS MqttClient.setKeepAlive(Settings->mqtt_keepalive); @@ -1152,6 +1167,7 @@ void MqttReconnect(void) { tlsClient->setDomainName(SettingsText(SET_MQTT_HOST)); // set domain name for TLS SNI (selection of certificate based on domain name) } else { MqttClient.setClient(EspClient); + MqttNonTLSWarning(); } #ifdef USE_MQTT_AWS_IOT // re-assign private keys in case it was updated in between @@ -1192,6 +1208,7 @@ void MqttReconnect(void) { } #else // No USE_MQTT_TLS MqttClient.setClient(EspClient); + MqttNonTLSWarning(); #endif // USE_MQTT_TLS char stopic[TOPSZ];