Update interface_mqtt.cpp

2025-12-06 11:36:51 +03:00 · 2025-01-24 06:41:38 +01:00
parent 5dfd9a7db0
commit f16cf1406c
1 changed files with 36 additions and 34 deletions
--- a/code/components/jomjol_mqtt/interface_mqtt.cpp
+++ b/code/components/jomjol_mqtt/interface_mqtt.cpp
@@ -221,24 +221,42 @@ bool MQTT_Configure(std::string _mqttURI, std::string _clientid, std::string _us
    domoticz_in_topic = _domoticz_in_topic;
    callbackOnConnected = ( void (*)(std::string, bool) )(_callbackOnConnected);

-    if (_clientcertfilename.length() && _clientkeyfilename.length()){
+    if (_clientcertfilename.length() && _clientkeyfilename.length()) {
        std::ifstream cert_ifs(_clientcertfilename);
+        if (cert_ifs.is_open()) {
            std::string cert_content((std::istreambuf_iterator<char>(cert_ifs)), (std::istreambuf_iterator<char>()));
            clientCert = cert_content;
+            cert_ifs.close();
            LogFile.WriteToFile(ESP_LOG_INFO, TAG, "using clientCert: " + _clientcertfilename);
-
-        std::ifstream key_ifs(_clientkeyfilename);
-        std::string key_content((std::istreambuf_iterator<char>(key_ifs)), (std::istreambuf_iterator<char>()));
-        clientKey = key_content;
-        LogFile.WriteToFile(ESP_LOG_INFO, TAG, "using clientKey: " + _clientkeyfilename);
+        }
+        else {
+            LogFile.WriteToFile(ESP_LOG_INFO, TAG, "could not open clientCert: " + _clientcertfilename);
        }

-    if (_cacertfilename.length() ){
-        std::ifstream ifs(_cacertfilename);
-        std::string content((std::istreambuf_iterator<char>(ifs)), (std::istreambuf_iterator<char>()));
+        std::ifstream key_ifs(_clientkeyfilename);
+        if (key_ifs.is_open()) {
+            std::string key_content((std::istreambuf_iterator<char>(key_ifs)), (std::istreambuf_iterator<char>()));
+            clientKey = key_content;
+            key_ifs.close();
+            LogFile.WriteToFile(ESP_LOG_INFO, TAG, "using clientKey: " + _clientkeyfilename);
+        }
+        else {
+            LogFile.WriteToFile(ESP_LOG_INFO, TAG, "could not open clientKey: " + _clientkeyfilename);
+        }
+    }
+
+    if (_cacertfilename.length()) {
+        std::ifstream ca_ifs(_cacertfilename);
+        if (ca_ifs.is_open()) {
+            std::string content((std::istreambuf_iterator<char>(ca_ifs)), (std::istreambuf_iterator<char>()));
            caCert = content;
+            ca_ifs.close();
            LogFile.WriteToFile(ESP_LOG_INFO, TAG, "using caCert: " + _cacertfilename);
        }
+        else {
+            LogFile.WriteToFile(ESP_LOG_INFO, TAG, "could not open caCert: " + _cacertfilename);
+        }
+    }

    validateServerCert = _validateServerCert;

@@ -294,38 +312,22 @@ int MQTT_Init() {
    mqtt_cfg.session.keepalive = keepalive;
    mqtt_cfg.buffer.size = 2048;                         // size of MQTT send/receive buffer

-#if MQTT_ENABLE_SSL
-    if (caCert.length()){
+    if (caCert.length()) {
        mqtt_cfg.broker.verification.certificate = caCert.c_str();
-        // darf nur bei DER_CERTIFICATES gesetzt werden, wenn PEM_CERTIFICATES muß = 0 sein ??????????????????????????
-        // siehe: .platformio\packages\framework-espidf\components\mqtt\esp-mqtt\mqtt_client.c
-        //         static esp_err_t esp_mqtt_set_cert_key_data()
-        // mqtt_cfg.broker.verification.certificate_len = caCert.length() + 1;
-        mqtt_cfg.broker.verification.certificate_len = 0;
+        mqtt_cfg.broker.verification.certificate_len = caCert.length() + 1;

-#if defined(MQTT_SUPPORTED_FEATURE_SKIP_CRT_CMN_NAME_CHECK)
        // Skip any validation of server certificate CN field, this reduces the
        // security of TLS and makes the *MQTT* client susceptible to MITM attacks
        mqtt_cfg.broker.verification.skip_cert_common_name_check = !validateServerCert;
-#endif // end MQTT_SUPPORTED_FEATURE_SKIP_CRT_CMN_NAME_CHECK
    }

-    if (clientCert.length() && clientKey.length()){
+    if (clientCert.length() && clientKey.length()) {
        mqtt_cfg.credentials.authentication.certificate = clientCert.c_str();
-        // darf nur bei DER_CERTIFICATES gesetzt werden, wenn PEM_CERTIFICATES muß = 0 sein ??????????????????????????
-        // siehe: .platformio\packages\framework-espidf\components\mqtt\esp-mqtt\mqtt_client.c
-        //         static esp_err_t esp_mqtt_set_cert_key_data()
-        // mqtt_cfg.credentials.authentication.certificate_len = clientCert.length() + 1;
-        mqtt_cfg.credentials.authentication.certificate_len = 0;
+        mqtt_cfg.credentials.authentication.certificate_len = clientCert.length() + 1;

        mqtt_cfg.credentials.authentication.key = clientKey.c_str();
-        // darf nur bei DER_CERTIFICATES gesetzt werden, wenn PEM_CERTIFICATES muß = 0 sein ??????????????????????????
-        // siehe: .platformio\packages\framework-espidf\components\mqtt\esp-mqtt\mqtt_client.c
-        //         static esp_err_t esp_mqtt_set_cert_key_data()
-        // mqtt_cfg.credentials.authentication.key_len = clientKey.length() + 1;
-        mqtt_cfg.credentials.authentication.key_len = 0;
+        mqtt_cfg.credentials.authentication.key_len = clientKey.length() + 1;
    }
-#endif // end MQTT_ENABLE_SSL

    if (user.length() && password.length()){
        mqtt_cfg.credentials.username = user.c_str();