From a52d59ea229ebdaeabb1566918576df237e50944 Mon Sep 17 00:00:00 2001 From: Clemens Sutor Date: Tue, 19 Nov 2024 22:12:34 +0100 Subject: [PATCH 1/4] Add support for secure MQTT connections with TLS --- EleksTubeHAX_pio/src/Mqtt_client_ips.cpp | 55 +++++++++++++++++--- EleksTubeHAX_pio/src/_USER_DEFINES - empty.h | 1 + 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp index 1db89f5..0fa505f 100644 --- a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp +++ b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp 
@@ -11,21 +11,59 @@ */ #include "Mqtt_client_ips.h" -#include "WiFi.h" // for ESP32 +#include // for ESP32 #include // Download and install this library first from: https://www.arduinolibraries.info/libraries/pub-sub-client #include #include "TempSensor.h" #include "TFTs.h" #include "Backlights.h" #include "Clock.h" +#ifdef MQTT_USE_TLS +#include // for secure WiFi client + +WiFiClientSecure espClient; +// ************ Let's encrypt CA Root Certificate ***************** +// Valid To 04 Jun 2035 +const char *SSL_CA_PEM = "-----BEGIN CERTIFICATE-----\n" + "MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n" + "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" + "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\n" + "WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\n" + "ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\n" + "MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\n" + "h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n" + "0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\n" + "A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\n" + "T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\n" + "B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\n" + "B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\n" + "KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\n" + "OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\n" + "jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\n" + "qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\n" + "rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\n" + "HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\n" + "hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\n" + "ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n" + 
"3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\n" + "NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\n" + "ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\n" + "TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\n" + "jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\n" + "oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n" + "4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n" + "mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n" + "emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n" + "-----END CERTIFICATE-----\n"; +#else +WiFiClient espClient; +#endif +PubSubClient MQTTclient(espClient); #define concat2(first, second) first second #define concat3(first, second, third) first second third #define concat4(first, second, third, fourth) first second third fourth -WiFiClient espClient; -PubSubClient MQTTclient(espClient); - #define MQTT_STATE_ON "ON" #define MQTT_STATE_OFF "OFF" @@ -330,7 +368,11 @@ void MqttStart() MQTTclient.setServer(MQTT_BROKER, MQTT_PORT); MQTTclient.setCallback(callback); MQTTclient.setBufferSize(2048); +#ifdef MQTT_USE_TLS + espClient.setCACert(SSL_CA_PEM); +#endif + Serial.println(""); Serial.println("Connecting to MQTT..."); if (MQTTclient.connect(MQTT_CLIENT, MQTT_USERNAME, MQTT_PASSWORD)) { 
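Review bot: `SSL_CA_PEM` is introduced as `const char *SSL_CA_PEM = ...`, a non-const pointer with external linkage, so any other translation unit can name or reassign the trust anchor that `setCACert()` later receives. Declaring it `static const char SSL_CA_PEM[] = ...` keeps it file-local and read-only. The comment above it could also state that this one root (ISRG Root X1, going by the subject encoded in the certificate) is the only CA the client accepts, e.g. `// Only trust anchor for the MQTT TLS connection; replace it if your broker's chain ends at another root CA`.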
@@ -341,14 +383,15 @@ void MqttStart() { if (MQTTclient.state() == 5) { - Serial.println("Connection not allowed by broker, possible reasons:"); + Serial.println("Error: Connection not allowed by broker, possible reasons:"); Serial.println("- Device is already online. Wait some seconds until it appears offline"); Serial.println("- Wrong Username or password. Check credentials"); Serial.println("- Client Id does not belong to this username, verify ClientId"); } else { - Serial.print("Not possible to connect to Broker Error code:"); + Serial.println("Error: Not possible to connect to Broker!"); + Serial.print("Error code:"); Serial.println(MQTTclient.state()); } return; // do not continue if not connected diff --git a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h index 03a2884..37ac3e4 100644 --- a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h +++ b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h @@ -49,6 +49,7 @@ // #define MQTT_HOME_ASSISTANT_DISCOVERY_HW_VERSION "2.3.04" #define MQTT_BROKER "smartnest.cz" // Broker host #define MQTT_PORT 1883 // Broker port +// #define MQTT_USE_TLS // Use TLS for MQTT connection (set CA/root cert in Mqtt_client_ips.cpp - Default is Let's Encrypt CA certificate) #define MQTT_USERNAME "__enter_your_username_here__" // Username from Smartnest #define MQTT_PASSWORD "__enter_your_api_key_here__" // Password from Smartnest or API key (under MY Account) #define MQTT_CLIENT "__enter_your_device_id_here__" // Device Id from Smartnest From 5b2ed891e9f948975c29bf5135c466ba48769c42 Mon Sep 17 00:00:00 2001 
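Review bot: In a build with `MQTT_USE_TLS`, a failed handshake or a broker certificate that does not verify against the configured CA lands in the `else` branch, where only the PubSubClient state number is printed. On the serial log a trust failure is then indistinguishable from an unreachable broker. Inside an `#ifdef MQTT_USE_TLS` block in that branch the TLS layer's own message could be printed with `char tlsErr[128]; espClient.lastError(tlsErr, sizeof(tlsErr)); Serial.println(tlsErr);`. MqttStart() starts and ends outside this hunk.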
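Review bot: The new `MQTT_USE_TLS` comment does not say that `MQTT_PORT` has to change too: the line above still defaults to 1883, the conventional plaintext MQTT port, and a TLS handshake sent there will normally just fail. I would extend the comment, e.g. `// Use TLS for MQTT connection; also set MQTT_PORT to the broker's TLS port (commonly 8883)`. It is also worth stating that while the define stays commented out, the username and password/API key below are sent unencrypted. The reworded versions of this comment in patches 2/4 and 3/4 have the same gap.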
From: Clemens Sutor Date: Mon, 25 Nov 2024 21:54:52 +0100 Subject: [PATCH 2/4] Added CA root cert loading from data partition for MQTT - Added default root CA cert from Let's Encrypt --- EleksTubeHAX_pio/data/ca-root.pem | 31 ++++++++ EleksTubeHAX_pio/src/Mqtt_client_ips.cpp | 80 +++++++++++--------- EleksTubeHAX_pio/src/Mqtt_client_ips.h | 1 + EleksTubeHAX_pio/src/_USER_DEFINES - empty.h | 2 +- EleksTubeHAX_pio/src/main.cpp | 4 +- 5 files changed, 81 insertions(+), 37 deletions(-) create mode 100644 EleksTubeHAX_pio/data/ca-root.pem diff --git a/EleksTubeHAX_pio/data/ca-root.pem b/EleksTubeHAX_pio/data/ca-root.pem new file mode 100644 index 0000000..b85c803 --- /dev/null +++ b/EleksTubeHAX_pio/data/ca-root.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- 
diff --git a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp index 0fa505f..e8ad847 100644 --- a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp +++ b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp 
@@ -22,39 +22,6 @@ #include // for secure WiFi client WiFiClientSecure espClient; -// ************ Let's encrypt CA Root Certificate ***************** -// Valid To 04 Jun 2035 -const char *SSL_CA_PEM = "-----BEGIN CERTIFICATE-----\n" - "MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n" - "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" - "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\n" - "WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\n" - "ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\n" - "MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\n" - "h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n" - "0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\n" - "A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\n" - "T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\n" - "B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\n" - "B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\n" - "KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\n" - "OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\n" - "jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\n" - "qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\n" - "rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\n" - "HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\n" - "hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\n" - "ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n" - "3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\n" - "NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\n" - "ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\n" - "TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\n" - 
"jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\n" - "oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n" - "4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n" - "mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n" - "emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n" - "-----END CERTIFICATE-----\n"; #else WiFiClient espClient; #endif @@ -358,6 +325,47 @@ void MqttReportState(bool force) #endif } +#ifdef MQTT_USE_TLS +bool loadCARootCert() +{ + const char *filename = "/ca-root.pem"; + Serial.println("Loading CA Root Certificate"); + + // Open the PEM file in read mode + File file = SPIFFS.open(filename, "r"); + if (!file) + { + Serial.println("ERROR: Failed to open ca-root.pem"); + return false; + } + + // Get the size of the file + size_t size = file.size(); + if (size == 0) + { + Serial.println("ERROR: Empty ca-root.pem"); + file.close(); + return false; + } + + // Use the loadCA() method to load the certificate directly from the file stream + bool result = espClient.loadCACert(file, size); + + file.close(); + + if (result) + { + Serial.println("CA Root Certificate loaded successfully"); + } + else + { + Serial.println("ERROR: Failed to load CA Root Certificate"); + } + + return result; +} +#endif + void MqttStart() { #ifdef MQTT_ENABLED @@ -369,7 +377,11 @@ void MqttStart() MQTTclient.setCallback(callback); MQTTclient.setBufferSize(2048); #ifdef MQTT_USE_TLS - espClient.setCACert(SSL_CA_PEM); + bool result = loadCARootCert(); + if (!result) + { + return; // load certificate failed -> do not continue + } #endif Serial.println(""); diff --git a/EleksTubeHAX_pio/src/Mqtt_client_ips.h b/EleksTubeHAX_pio/src/Mqtt_client_ips.h index 053877e..7389920 100644 --- a/EleksTubeHAX_pio/src/Mqtt_client_ips.h +++ b/EleksTubeHAX_pio/src/Mqtt_client_ips.h @@ -2,6 +2,7 @@ #define mqtt_client_H_ #include "GLOBAL_DEFINES.h" +#include extern bool MqttConnected; 
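Review bot: `loadCARootCert()` hands `file.size()` to `espClient.loadCACert(file, size)` after only a zero check, so whatever is stored as `/ca-root.pem` on the data partition is loaded (presumably buffered in full) and becomes the trust anchor, with no upper bound on its size. A sanity limit before the load would keep an oversized or wrong file from exhausting the heap, e.g. `if (size == 0 || size > MAX_CA_CERT_SIZE)` with a constant of a few KiB (name and value are my suggestion, not from the patch). Because the filesystem image can be rewritten independently of the firmware, a comment on the function should say that whoever can write this file decides which brokers the device trusts. The inline comment names `loadCA()` while the call is `loadCACert()`, and nothing in this hunk shows `SPIFFS.begin()` running before `SPIFFS.open()`, so that ordering is worth confirming in `setup()`.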
diff --git a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h index 37ac3e4..dbcadda 100644 --- a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h +++ b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h @@ -49,7 +49,7 @@ // #define MQTT_HOME_ASSISTANT_DISCOVERY_HW_VERSION "2.3.04" #define MQTT_BROKER "smartnest.cz" // Broker host #define MQTT_PORT 1883 // Broker port -// #define MQTT_USE_TLS // Use TLS for MQTT connection (set CA/root cert in Mqtt_client_ips.cpp - Default is Let's Encrypt CA certificate) +// #define MQTT_USE_TLS // Use TLS for MQTT connection (set CA cert in data subfolder as ca-root.pem - Default is Let's Encrypt CA certificate) #define MQTT_USERNAME "__enter_your_username_here__" // Username from Smartnest #define MQTT_PASSWORD "__enter_your_api_key_here__" // Password from Smartnest or API key (under MY Account) #define MQTT_CLIENT "__enter_your_device_id_here__" // Device Id from Smartnest diff --git a/EleksTubeHAX_pio/src/main.cpp b/EleksTubeHAX_pio/src/main.cpp index 1835139..8777f52 100644 --- a/EleksTubeHAX_pio/src/main.cpp +++ b/EleksTubeHAX_pio/src/main.cpp @@ -126,10 +126,10 @@ void setup() // Setup MQTT tfts.setTextColor(TFT_YELLOW, TFT_BLACK); tfts.print("MQTT start..."); - Serial.print("MQTT start..."); + Serial.println("MQTT start..."); MqttStart(); tfts.println("Done!"); - Serial.println("Done!"); + Serial.println("MQTT start Done!"); tfts.setTextColor(TFT_WHITE, TFT_BLACK); #ifdef GEOLOCATION_ENABLED From 3e45b3c9fe32a273c8e9b2f7fd2368372d6f4239 Mon Sep 17 00:00:00 2001 
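Review bot: In the main.cpp hunk, `tfts.println("Done!")` and the new `Serial.println("MQTT start Done!")` run unconditionally after `MqttStart()`, although this patch adds a further early `return` to that function when the CA certificate cannot be loaded. The display then reports success while no TLS connection exists. `MqttStart()` returns void; if it maintains the `MqttConnected` flag declared in Mqtt_client_ips.h (not visible here), the message could depend on it, e.g. `tfts.println(MqttConnected ? "Done!" : "Failed!");`. setup() starts and ends outside the hunk.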
From: Clemens Sutor Date: Thu, 28 Nov 2024 00:59:13 +0100 Subject: [PATCH 3/4] Added comments in the _USER_DEFINES.h for MQTT_USE_TLS - Moved MQTT_SAVE_PREFERENCES_AFTER_SEC up - changed filenmae for CA root cert - Added check if file exists - Moved CA file as example to 'data - other graphics' folder --- EleksTubeHAX_pio/src/Mqtt_client_ips.cpp | 13 ++++++++++--- EleksTubeHAX_pio/src/_USER_DEFINES - empty.h | 8 +++++--- .../mqtt-ca-root.pem | 0 3 files changed, 15 insertions(+), 6 deletions(-) rename EleksTubeHAX_pio/data/ca-root.pem => data - other graphics/mqtt-ca-root.pem (100%) diff --git a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp index e8ad847..4cffd16 100644 --- a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp +++ b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp @@ -328,14 +328,21 @@ void MqttReportState(bool force) #ifdef MQTT_USE_TLS bool loadCARootCert() { - const char *filename = "/ca-root.pem"; + const char *filename = "/mqtt-ca-root.pem"; Serial.println("Loading CA Root Certificate"); + // Check if the PEM file exists + if (!SPIFFS.exists(filename)) + { + Serial.println("ERROR: File not found mqtt-ca-root.pem"); + return false; + } + // Open the PEM file in read mode File file = SPIFFS.open(filename, "r"); if (!file) { - Serial.println("ERROR: Failed to open ca-root.pem"); + Serial.println("ERROR: Failed to open mqtt-ca-root.pem"); return false; } @@ -343,7 +350,7 @@ bool loadCARootCert() size_t size = file.size(); if (size == 0) { - Serial.println("ERROR: Empty ca-root.pem"); + Serial.println("ERROR: Empty mqtt-ca-root.pem"); file.close(); return false; } diff --git a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h index 514759a..03bc87e 100644 --- a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h +++ b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h 
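Review bot: The certificate file name is spelled out four times in `loadCARootCert()`, once in `filename` and again inside three error strings, so every rename has to touch all of them, as the two Mqtt_client_ips.cpp hunks of this patch do. Printing the variable keeps them in sync, e.g. `Serial.print("ERROR: Failed to open "); Serial.println(filename);`. The added `SPIFFS.exists()` test duplicates the `if (!file)` check after the open; it is harmless, but the result of the open is the one the function should rely on. The function body continues past the first hunk.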
@@ -40,7 +40,8 @@ #define GEOLOCATION_API_KEY "__enter_your_api_key_here__" // ************* MQTT config ************* -// #define MQTT_ENABLED // enable general MQTT support +// #define MQTT_ENABLED // enable general MQTT support +// #define MQTT_SAVE_PREFERENCES_AFTER_SEC 60 // auto save config X seconds after last MQTT message received // --- MQTT Home Assistant settings --- // You will either need a local MQTT broker to use MQTT with Home Assistant (e.g. Mosquitto) or use an internet-based broker with Home Assistant support. @@ -66,11 +67,12 @@ #define MQTT_BROKER "smartnest.cz" // Broker host #define MQTT_PORT 1883 // Broker port -// #define MQTT_USE_TLS // Use TLS for MQTT connection (set CA cert in data subfolder as ca-root.pem - Default is Let's Encrypt CA certificate) #define MQTT_USERNAME "__enter_your_username_here__" // Username from Smartnest #define MQTT_PASSWORD "__enter_your_api_key_here__" // Password from Smartnest or API key (under MY Account) #define MQTT_CLIENT "__enter_your_device_id_here__" // Device Id from Smartnest -#define MQTT_SAVE_PREFERENCES_AFTER_SEC 60 +// #define MQTT_USE_TLS // Use TLS for MQTT connection. Setting a root CA certificate is needed! + // Don't forget to copy the correct certificate file into the 'data' folder and rename it to mqtt-ca-root.pem! + // Example CA cert (Let's Encrypt CA cert) can be found in the 'data - other graphics' subfolder in the root of this repo // ************* Optional temperature sensor ************* // #define ONE_WIRE_BUS_PIN 4 // DS18B20 connected to GPIO4; comment this line if sensor is not connected diff --git a/EleksTubeHAX_pio/data/ca-root.pem b/data - other graphics/mqtt-ca-root.pem similarity index 100% rename from EleksTubeHAX_pio/data/ca-root.pem rename to data - other graphics/mqtt-ca-root.pem From 0929c8c71a864601dee21bcf509913db51056468 Mon Sep 17 00:00:00 2001 
From: Clemens Sutor Date: Thu, 28 Nov 2024 01:05:51 +0100 Subject: [PATCH 4/4] fix - MQTT_SAVE_PREFERENCES_AFTER_SEC needs to be defined --- EleksTubeHAX_pio/src/_USER_DEFINES - empty.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h index 03bc87e..74e0bc3 100644 --- a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h +++ b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h @@ -41,7 +41,7 @@ // ************* MQTT config ************* // #define MQTT_ENABLED // enable general MQTT support -// #define MQTT_SAVE_PREFERENCES_AFTER_SEC 60 // auto save config X seconds after last MQTT message received +#define MQTT_SAVE_PREFERENCES_AFTER_SEC 60 // auto save config X seconds after last MQTT message received // --- MQTT Home Assistant settings --- // You will either need a local MQTT broker to use MQTT with Home Assistant (e.g. Mosquitto) or use an internet-based broker with Home Assistant support.