Commit 97a70a1

authored

New TLS implementation (mysensors#1520)

* New TLS implementation Implement TLS to mqtt server thanks to WiFiClientSecure class * New TLS implementation Implement TLS to mqtt server thanks to WiFiClientSecure class * New TLS implementation Implement TLS to mqtt server thanks to WiFiClientSecure class * New TLS implementation Implement TLS to mqtt server thanks to WiFiClientSecure class * Update MyConfig.h Typo * Update GatewayESP8266SecureMQTTClient.ino Typo * MyGatewayTransportMQTTClient.cpp updated Move tls settings to bool gatewayTransportInit(void) * MySensors code styling applied by GIT * Try to fix Doxygen warnings * Doxygen warnings fixed hopefuly * MY_GATEWAY_ESP8266_SECURE doc added * MY_GATEWAY_ESP8266_SECURE doc completed * Avoid platform cross compiling * Replaced spaces indent by tabs * Multilines comments to /*

1 parent b49817b commit 97a70a1Copy full SHA for 97a70a1

File tree

6 files changed

+524

-30

lines changed

.ci
- arduino.groovy
MyConfig.h
core
- MyGatewayTransportMQTTClient.cpp
examples/GatewayESP8266SecureMQTTClient
- GatewayESP8266SecureMQTTClient.ino
- certs.h
keywords.txt

6 files changed

+524

-30

lines changed

`‎.ci/arduino.groovy‎`

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ def buildMySensorsMicro(config, sketches, String key) {`
`51`	`51`	`for (sketch = 0; sketch < sketches.size(); sketch++) {`
`52`	`52`	`if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`53`	`53`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`54`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`54`	`55`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`55`	`56`	`sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&`
`56`	`57`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&`
`@@ -87,6 +88,7 @@ def buildMySensorsGw(config, sketches, String key) {`
`87`	`88`	`if (sketches[sketch].path != config.library_root+'examples/BatteryPoweredSensor/BatteryPoweredSensor.ino' &&`
`88`	`89`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`89`	`90`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`91`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`90`	`92`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`91`	`93`	`sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&`
`92`	`94`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&`
`@@ -123,6 +125,7 @@ def buildArduinoUno(config, sketches, String key) {`
`123`	`125`	`for (sketch = 0; sketch < sketches.size(); sketch++) {`
`124`	`126`	`if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`125`	`127`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`128`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`126`	`129`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`127`	`130`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&`
`128`	`131`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&`
`@@ -157,6 +160,7 @@ def buildArduinoMega(config, sketches, String key) {`
`157`	`160`	`for (sketch = 0; sketch < sketches.size(); sketch++) {`
`158`	`161`	`if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`159`	`162`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`163`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`160`	`164`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`161`	`165`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&`
`162`	`166`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&`
`@@ -191,6 +195,7 @@ def buildSTM32F1(config, sketches, String key) {`
`191`	`195`	`for (sketch = 0; sketch < sketches.size(); sketch++) {`
`192`	`196`	`if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`193`	`197`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`198`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`194`	`199`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`195`	`200`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&`
`196`	`201`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&`
`@@ -280,6 +285,7 @@ def buildESP32(config, sketches, String key) {`
`280`	`285`	`sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&`
`281`	`286`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`282`	`287`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`288`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`283`	`289`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`284`	`290`	`sketches[sketch].path != config.library_root+'examples/SensebenderGatewaySerial/SensebenderGatewaySerial.ino' &&`
`285`	`291`	`sketches[sketch].path != config.library_root+'examples/MotionSensorRS485/MotionSensorRS485.ino' &&`
`@@ -316,6 +322,7 @@ def buildnRF5(config, sketches, String key) {`
`316`	`322`	`sketches[sketch].path != config.library_root+'examples/DustSensorDSM/DustSensorDSM.ino' &&`
`317`	`323`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&`
`318`	`324`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&`
	`325`	`+ sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&`
`319`	`326`	`sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&`
`320`	`327`	`sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&`
`321`	`328`	`sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&`
`@@ -396,4 +403,4 @@ def buildnRF51822(config, sketches, String key) {`
`396`	`403`	`}`
`397`	`404`	`}`
`398`	`405`
`399`		`-return this`
	`406`	`+return this`

`‎MyConfig.h‎`

Lines changed: 66 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -1426,6 +1426,8 @@`
`1426`	`1426`	`* @brief Define this for Ethernet GW based on the ENC28J60 module.`
`1427`	`1427`	`* @def MY_GATEWAY_ESP8266`
`1428`	`1428`	`* @brief Define this for Ethernet GW based on the ESP8266.`
	`1429`	`+ * @def MY_GATEWAY_ESP8266_SECURE`
	`1430`	`+ * @brief Define this for Ethernet GW based on the ESP8266 with TLS.`
`1429`	`1431`	`* @def MY_GATEWAY_ESP32`
`1430`	`1432`	`* @brief Define this for Ethernet GW based on the ESP32.`
`1431`	`1433`	`* @def MY_GATEWAY_LINUX`
`@@ -1441,6 +1443,7 @@`
`1441`	`1443`	`//#define MY_GATEWAY_W5100`
`1442`	`1444`	`//#define MY_GATEWAY_ENC28J60`
`1443`	`1445`	`//#define MY_GATEWAY_ESP8266`
	`1446`	`+//#define MY_GATEWAY_ESP8266_SECURE`
`1444`	`1447`	`//#define MY_GATEWAY_ESP32`
`1445`	`1448`	`//#define MY_GATEWAY_LINUX`
`1446`	`1449`	`//#define MY_GATEWAY_TINYGSM`
`@@ -1548,29 +1551,79 @@`
`1548`	`1551`	`//#define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX "mygateway1-in"`
`1549`	`1552`
`1550`	`1553`	`/**`
`1551`		`- * @def MY_MQTT_CA_CERT`
`1552`		`- * @brief Set a specific CA certificate needed to validate MQTT server against. Use the certificate as a trust anchor, accepting remote certificates signed by it.`
	`1554`	`+ * @def MY_MQTT_CA_CERT1`
	`1555`	`+ * @brief Up to three root Certificates Authorities could be defined to validate the mqtt server' certificate. The most secure.`
	`1556`	`+ *`
	`1557`	`+ * This define is mandatory when you need connect MQTT over SSL/TLS. Certificate Authorities.`
	`1558`	`+ * The best method to validate server certificates.`
	`1559`	`+ * Advised to retrieve root Certificate Authorities as they expire less often than server certificates.`
	`1560`	`+ * With let's encrypt you may need up to three Certificate Authorities`
`1553`	`1561`	`*`
`1554`		`- * This define is mandatory when you need connect MQTT over SSL/TLS.`
`1555`	`1562`	`* Example: @code`
`1556`	`1563`	`*`
`1557`		`- * const char mqtt_ca_cert[] PROGMEM = R"EOF(`
	`1564`	`+ * const char cert_isrgrootx1_Authority[] PROGMEM = R"EOF(`
`1558`	`1565`	`* ----- BEGIN THE CERTIFICATE -----`
`1559`	`1566`	`* XXX ... XXX`
`1560`	`1567`	`* ----- FINISH CERTIFICATE -----`
`1561`	`1568`	`* )EOF";`
`1562`	`1569`	`*`
`1563`		`- * #define MY_MQTT_CA_CERT mqtt_ca_cert`
	`1570`	`+ * const char cert_isrgrootx2_Authority[] PROGMEM = R"EOF(`
	`1571`	`+ * ----- BEGIN THE CERTIFICATE -----`
	`1572`	`+ * XXX ... XXX`
	`1573`	`+ * ----- FINISH CERTIFICATE -----`
	`1574`	`+ * )EOF";`
	`1575`	`+ *`
	`1576`	`+ * const char cert_letsEncryptR3_Authority[] PROGMEM = R"EOF(`
	`1577`	`+ * ----- BEGIN THE CERTIFICATE -----`
	`1578`	`+ * XXX ... XXX`
	`1579`	`+ * ----- FINISH CERTIFICATE -----`
	`1580`	`+ * )EOF";`
	`1581`	`+ *`
	`1582`	`+ * #define MY_MQTT_CA_CERT1 cert_isrgrootx1_Authority`
	`1583`	`+ * #define MY_MQTT_CA_CERT2 cert_isrgrootx2_Authority`
	`1584`	`+ * #define MY_MQTT_CA_CERT3 cert_letsEncryptR3_Authority`
	`1585`	`+ *`
	`1586`	`+ * @endcode`
	`1587`	`+ */`
	`1588`	`+//#define MY_MQTT_CA_CERT1`
	`1589`	`+`
	`1590`	`+/**`
	`1591`	`+ * @def MY_MQTT_CA_CERT2`
	`1592`	`+ * @brief Up to three root Certificates Authorities could be defined to validate the mqtt serv.`
	`1593`	`+*/`
	`1594`	`+//#define MY_MQTT_CA_CERT2`
	`1595`	`+`
	`1596`	`+/**`
	`1597`	`+ * @def MY_MQTT_CA_CERT3`
	`1598`	`+ * @brief Up to three root Certificates Authorities could be defined to validate the mqtt serv.`
	`1599`	`+*/`
	`1600`	`+//#define MY_MQTT_CA_CERT3`
	`1601`	`+`
	`1602`	`+`
	`1603`	`+/**`
	`1604`	`+ * @def MY_MQTT_FINGERPRINT`
	`1605`	`+ * @brief Server certificate validation with its fingerprint`
	`1606`	`+ *`
	`1607`	`+ * The finger print to validate the mqtt server certificate. This is less secure and less convenient`
	`1608`	`+ * than using certificate authorities.`
	`1609`	`+ * Command (3 lines...) to obtain the certificate finger print:`
	`1610`	`+ * @code`
	`1611`	`+ * $>openssl s_client -connect <hostname>:<host port> < /dev/null 2>/dev/null \| \`
	`1612`	`+ * openssl x509 -fingerprint -noout -in /dev/stdin \`
	`1613`	`+ * awk -F= '{print 2ドル}'`
	`1614`	`+ * @endcode`
`1564`	`1615`	`*`
	`1616`	`+ * Example: @code`
	`1617`	`+ * const char mqtt_fingerprint [] PROGMEM = "CA:CE:2B:MD:D3:32:A3:F1:8C:73:9E:1B:B7:D5:75:4A:10:61:E4:05";`
`1565`	`1618`	`* @endcode`
`1566`	`1619`	`*/`
`1567`		`-//#define MY_MQTT_CA_CERT`
	`1620`	`+//#define MY_MQTT_FINGERPRINT`
`1568`	`1621`
`1569`	`1622`	`/**`
`1570`	`1623`	`* @def MY_MQTT_CLIENT_CERT`
`1571`	`1624`	`* @brief Set a client certificate to send to a MQTT server that requests one over TLS connection.`
`1572`	`1625`	`*`
`1573`		`- * This define is mandatory when you need connect MQTT over SSL/TLS.`
	`1626`	`+ * This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested.`
`1574`	`1627`	`* Example: @code`
`1575`	`1628`	`*`
`1576`	`1629`	`* const char mqtt_client_cert[] PROGMEM = R"EOF(`
`@@ -1587,9 +1640,9 @@`
`1587`	`1640`
`1588`	`1641`	`/**`
`1589`	`1642`	`* @def MY_MQTT_CLIENT_KEY`
`1590`		`- * @brief Set a client private key to send to a MQTT server that requests one over TLS connection.`
	`1643`	`+ * @brief Set the client private key generated with the MY_MQTT_CLIENT_CERT.`
`1591`	`1644`	`*`
`1592`		`- * This define is mandatory when you need connect MQTT over SSL/TLS.`
	`1645`	`+ * This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested.`
`1593`	`1646`	`* Example: @code`
`1594`	`1647`	`*`
`1595`	`1648`	`* const char mqtt_client_key[] PROGMEM = R"EOF(`
`@@ -2373,7 +2426,10 @@`
`2373`	`2426`	`#define MY_MQTT_CLIENT_ID`
`2374`	`2427`	`#define MY_MQTT_PUBLISH_TOPIC_PREFIX`
`2375`	`2428`	`#define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX`
`2376`		`-#define MY_MQTT_CA_CERT`
	`2429`	`+#define MY_MQTT_CA_CERT1`
	`2430`	`+#define MY_MQTT_CA_CERT2`
	`2431`	`+#define MY_MQTT_CA_CERT3`
	`2432`	`+#define MY_MQTT_FINGERPRINT`
`2377`	`2433`	`#define MY_MQTT_CLIENT_CERT`
`2378`	`2434`	`#define MY_MQTT_CLIENT_KEY`
`2379`	`2435`	`#define MY_SIGNAL_REPORT_ENABLED`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 97a70a1

File tree

6 files changed

6 files changed

`‎.ci/arduino.groovy‎`

`‎MyConfig.h‎`

0 commit comments