Added support for MQTTs without CA validation and public/private key

UtilitechAS · Oct 11, 2023 · 17d8d32 · 17d8d32
1 parent 88ddc6e
commit 17d8d32
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/AmsToMqttBridge.cpp b/src/AmsToMqttBridge.cpp
@@ -1863,7 +1863,12 @@ void MQTT_connect() {
 						BearSSL::X509List *serverTrustedCA = new BearSSL::X509List(file);
 						mqttSecureClient->setTrustAnchors(serverTrustedCA);
 					#elif defined(ESP32)
-						mqttSecureClient->loadCACert(file, file.size());
+						if(mqttSecureClient->loadCACert(file, file.size())) {
+							debugI_P(PSTR("CA accepted"));
+						} else {
+							debugW_P(PSTR("CA was rejected, disabling certificate validation"));
+							mqttSecureClient->setInsecure();
+						}
 					#endif
 					file.close();
 
@@ -1892,9 +1897,12 @@ void MQTT_connect() {
 							mqttSecureClient->loadPrivateKey(file, file.size());
 							file.close();
 						#endif
-						mqttClient = mqttSecureClient;
 					}
+				} else {
+					debugI_P(PSTR("No CA, disabling certificate validation"));
+					mqttSecureClient->setInsecure();
 				}
+				mqttClient = mqttSecureClient;
 
 				LittleFS.end();
 				debugD_P(PSTR("MQTT SSL setup complete (%dkb free heap)"), ESP.getFreeHeap());
@@ -1903,6 +1911,7 @@ void MQTT_connect() {
 	}
 
 	if(mqttClient == NULL) {
+		debugI_P(PSTR("No SSL, using client without SSL support"));
 		mqttClient = new WiFiClient();
 	}