From 4d74d0c5225678a8cf6e5af556bcac3d6f89a175 Mon Sep 17 00:00:00 2001
From: michael
Date: Tue, 24 Dec 2024 12:14:53 +0100
Subject: [PATCH] test1
---
 code/components/jomjol_flowcontroll/ClassFlowMQTT.cpp | 10 +++++++++-
 param-docs/parameter-pages/MQTT/ValidateServerCert.md | 7 ++++---
 sd-card/html/edit_config_template.html | 4 ++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/code/components/jomjol_flowcontroll/ClassFlowMQTT.cpp b/code/components/jomjol_flowcontroll/ClassFlowMQTT.cpp
index e0df96fc..b6b62d80 100644
--- a/code/components/jomjol_flowcontroll/ClassFlowMQTT.cpp
+++ b/code/components/jomjol_flowcontroll/ClassFlowMQTT.cpp
@@ -114,7 +114,15 @@ bool ClassFlowMQTT::ReadParameter(FILE* pfile, string& aktparamgraph)
 }
 if ((toUpper(_param) == "VALIDATESERVERCERT") && (splitted.size() > 1))
 {
- validateServerCert = alphanumericToBoolean(splitted[1]);
+ bool _validateServerCert = alphanumericToBoolean(splitted[1]);
+ if (_validateServerCert == true)
+ {
+ validateServerCert = false;
+ }
+ else
+ {
+ validateServerCert = true;
+ }
 }
 if ((toUpper(_param) == "CLIENTCERT") && (splitted.size() > 1))
 {
diff --git a/param-docs/parameter-pages/MQTT/ValidateServerCert.md b/param-docs/parameter-pages/MQTT/ValidateServerCert.md
index 839ae35d..dc3ed9b3 100644
--- a/param-docs/parameter-pages/MQTT/ValidateServerCert.md
+++ b/param-docs/parameter-pages/MQTT/ValidateServerCert.md
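Review bot: The new `VALIDATESERVERCERT` branch stores the opposite of the configured value, so `ValidateServerCert = true` in the config now sets `validateServerCert = false`, while the parameter page changed in this same commit still documents `true` as the setting that enables validation. How the member is consumed lies outside this hunk, so unless the MQTT client setup was inverted elsewhere, this turns the server-name check off for exactly the users who asked for it, which on a public broker is the MITM exposure the documentation warns about. If the client API really expects the inverse, keep the member in config polarity with `validateServerCert = alphanumericToBoolean(splitted[1]);` and negate at the point of use. Failing that, collapse the nine added lines to `validateServerCert = !alphanumericToBoolean(splitted[1]);` with a comment saying why the value is flipped. ReadParameter's body starts and ends outside the hunk.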
@@ -7,11 +7,12 @@ Default Value: `true` Enable or disable the validation of the server certificate. -If `enabled (true)`, the certificate sent by the server is validated using the configured [Root CA Certificate file](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-cacert).\ -The server name in [uri](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-uri) is compared with the CN field of the server certificate. A connection will be only established if these match.\ +If `enabled (true)`, the certificate sent by the server is validated using the configured [Root CA Certificate file](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-cacert).
+The server name in [uri](https://jomjol.github.io/AI-on-the-edge-device-docs/Parameters/#parameter-uri) is compared with the CN field of the server certificate.
+A connection will be only established if these match.
It ensures the origin of the server. -If `disabled (false)`, only the validity of the certificate (e.g. expiry) is checked, not the origin (CN field).\ +If `disabled (false)`, only the validity of the certificate (e.g. expiry) is checked, not the origin (CN field).
If you use public brokers, make sure to set this parameter to "enabled", to avoid potential MITM-Attacks! !!! Note
diff --git a/sd-card/html/edit_config_template.html b/sd-card/html/edit_config_template.html
index 838888a4..dea45e68 100644
--- a/sd-card/html/edit_config_template.html
+++ b/sd-card/html/edit_config_template.html
@@ -2366,7 +2366,7 @@ function UpdateInput() {
 WriteParameter(param, category, "MQTT", "CACert", true);
 WriteParameter(param, category, "MQTT", "ClientCert", true);
 WriteParameter(param, category, "MQTT", "ClientKey", true);
- WriteParameter(param, category, "MQTT", "ValidateServerCert", false);
+ WriteParameter(param, category, "MQTT", "ValidateServerCert", true);
 WriteParameter(param, category, "MQTT", "DomoticzTopicIn", true);
 WriteParameter(param, category, "InfluxDB", "Uri", true);
@@ -2535,7 +2535,7 @@ function ReadParameterAll() {
 ReadParameter(param, "MQTT", "CACert", true);
 ReadParameter(param, "MQTT", "ClientCert", true);
 ReadParameter(param, "MQTT", "ClientKey", true);
- ReadParameter(param, "MQTT", "ValidateServerCert", false);
+ ReadParameter(param, "MQTT", "ValidateServerCert", true);
 ReadParameter(param, "MQTT", "DomoticzTopicIn", true);
 ReadParameter(param, "InfluxDB", "Uri", true);
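Review bot: Both `ValidateServerCert` calls, in `UpdateInput()` and in the `ReadParameterAll()` hunk after it, now pass `true` like the neighbouring certificate parameters, and what that last argument controls is not visible in these hunks. If it marks the parameter as optional, a config with the line disabled never reaches the `VALIDATESERVERCERT` branch in ClassFlowMQTT.cpp. The effective setting is then whatever `validateServerCert` was initialised to, which should be checked against the documented `Default Value: true` now that the parser inverts the value. A short comment beside the two calls, for example `// optional: when disabled the firmware default (validation on) applies`, would record the intended fallback. Both functions begin and end outside the hunks.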