test

code/components/jomjol_flowcontroll/ClassFlowMQTT.cpp

@@ -40,6 +40,7 @@ void ClassFlowMQTT::SetInitialParameter(void)
     caCertFilename = "";
     clientCertFilename = "";
     clientKeyFilename = "";
+    validateServerCert = true;
     clientname = wlan_config.hostname;
 
     OldValue = "";
@@ -110,6 +111,10 @@ bool ClassFlowMQTT::ReadParameter(FILE* pfile, string& aktparamgraph)
         if ((toUpper(_param) == "CACERT") && (splitted.size() > 1))
         {
             this->caCertFilename = splitted[1];
+        }
+        if ((toUpper(_param) == "VALIDATESERVERCERT") && (splitted.size() > 1))
+        {
+            validateServerCert = alphanumericToBoolean(splitted[1]);
         }  
         if ((toUpper(_param) == "CLIENTCERT") && (splitted.size() > 1))
         {
@@ -133,10 +138,8 @@ bool ClassFlowMQTT::ReadParameter(FILE* pfile, string& aktparamgraph)
         }
         if ((toUpper(_param) == "RETAINMESSAGES") && (splitted.size() > 1))
         {
-            if (toUpper(splitted[1]) == "TRUE") {
-                SetRetainFlag = true;  
-                setMqtt_Server_Retain(SetRetainFlag);
-            }
+            SetRetainFlag = alphanumericToBoolean(splitted[1]);
+            setMqtt_Server_Retain(SetRetainFlag);
         }
         if ((toUpper(_param) == "HOMEASSISTANTDISCOVERY") && (splitted.size() > 1))
         {
@@ -225,7 +228,7 @@ bool ClassFlowMQTT::Start(float AutoInterval)
     mqttServer_setParameter(flowpostprocessing->GetNumbers(), keepAlive, roundInterval);
 
     bool MQTTConfigCheck = MQTT_Configure(uri, clientname, user, password, maintopic, domoticzintopic, LWT_TOPIC, LWT_CONNECTED,
-                                     LWT_DISCONNECTED, caCertFilename, clientCertFilename, clientKeyFilename,
+                                     LWT_DISCONNECTED, caCertFilename, validateServerCert, clientCertFilename, clientKeyFilename,
                                      keepAlive, SetRetainFlag, (void *)&GotConnected);
 
     if (!MQTTConfigCheck) {

code/components/jomjol_flowcontroll/ClassFlowMQTT.h

@@ -19,7 +19,8 @@ protected:
     std::string OldValue;
 	ClassFlowPostProcessing* flowpostprocessing;  
     std::string user, password; 
-    std::string caCertFilename, clientCertFilename, clientKeyFilename; 
+    std::string caCertFilename, clientCertFilename, clientKeyFilename;
+    bool validateServerCert;
     bool SetRetainFlag;
     int keepAlive; // Seconds
     float roundInterval; // Minutes

code/components/jomjol_mqtt/interface_mqtt.cpp

@@ -36,6 +36,7 @@ bool mqtt_connected = false;
 esp_mqtt_client_handle_t client = NULL;
 std::string uri, client_id, lwt_topic, lwt_connected, lwt_disconnected, user, password, maintopic, domoticz_in_topic;
 std::string caCert, clientCert, clientKey;
+bool validateServerCert = true;
 int keepalive;
 bool SetRetainFlag;
 void (*callbackOnConnected)(std::string, bool) = NULL;
@@ -206,7 +207,7 @@ static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_
 
 bool MQTT_Configure(std::string _mqttURI, std::string _clientid, std::string _user, std::string _password,
         std::string _maintopic, std::string _domoticz_in_topic, std::string _lwt, std::string _lwt_connected, std::string _lwt_disconnected,
-        std::string _cacertfilename, std::string _clientcertfilename, std::string _clientkeyfilename, 
+        std::string _cacertfilename, bool _validateServerCert, std::string _clientcertfilename, std::string _clientkeyfilename, 
                     int _keepalive, bool _SetRetainFlag, void *_callbackOnConnected) {
     if ((_mqttURI.length() == 0) || (_maintopic.length() == 0) || (_clientid.length() == 0)) 
     {
@@ -244,6 +245,8 @@ bool MQTT_Configure(std::string _mqttURI, std::string _clientid, std::string _us
         LogFile.WriteToFile(ESP_LOG_INFO, TAG, "using caCert: " + _cacertfilename);
     }
 
+    validateServerCert = _validateServerCert;
+
     if (_user.length() && _password.length()){
         user = _user;
         password = _password;
@@ -295,12 +298,12 @@ int MQTT_Init() {
     mqtt_cfg.session.last_will.msg = lwt_disconnected.c_str();
     mqtt_cfg.session.last_will.msg_len = (int)(lwt_disconnected.length());
     mqtt_cfg.session.keepalive = keepalive;
-    mqtt_cfg.buffer.size = 1536;                         // size of MQTT send/receive buffer (Default: 1024)
+    mqtt_cfg.buffer.size = 2048;                         // size of MQTT send/receive buffer
 
     if (caCert.length()){
         mqtt_cfg.broker.verification.certificate = caCert.c_str();
         mqtt_cfg.broker.verification.certificate_len = caCert.length() + 1;
-        mqtt_cfg.broker.verification.skip_cert_common_name_check = true;
+        mqtt_cfg.broker.verification.skip_cert_common_name_check = validateServerCert;
     }
 
     if (clientCert.length() && clientKey.length()){

code/components/jomjol_mqtt/interface_mqtt.h

@@ -11,7 +11,7 @@
 
 bool MQTT_Configure(std::string _mqttURI, std::string _clientid, std::string _user, std::string _password,
                     std::string _maintopic, std::string _domoticz_in_topic, std::string _lwt, std::string _lwt_connected, std::string _lwt_disconnected,
-                    std::string _cacertfilename, std::string _clientcertfilename, std::string _clientkeyfilename, 
+                    std::string _cacertfilename, bool _validateServerCert, std::string _clientcertfilename, std::string _clientkeyfilename, 
                     int _keepalive, bool SetRetainFlag, void *callbackOnConnected);
 int MQTT_Init();
 void MQTTdestroy_client(bool _disable);

code/sdkconfig.defaults

@@ -127,6 +127,8 @@ CONFIG_MQTT_USE_CUSTOM_CONFIG=y
 #CONFIG_MQTT_OUTBOX_EXPIRED_TIMEOUT_MS=5000
 #CONFIG_MQTT_CUSTOM_OUTBOX=y # -> Use custom outbox in components/jomjol_mqtt/mqtt_outbox.h/cpp. If USE_PSRAM is enabled in there, it will save 10 kBytes of internal RAM. How ever it also leads to memory fragmentation, see https://github.com/jomjol/AI-on-the-edge-device/issues/2200
 
+CONFIG_ESP_TLS_INSECURE=y
+
 CONFIG_FREERTOS_TASK_FUNCTION_WRAPPER=n
 
 CONFIG_CAMERA_CORE0=n