Fixed an SSL problem & added test.mosquitto.org example certs. Update…

…d license notice.

.env

@@ -1,5 +1,7 @@
 GATEWAY_CONFIG=./config/config.cfg
 HARDWARE_WHITELIST=./config/hardware-whitelist.txt
 SERIALPORT_BLACKLIST=./config/port-blacklist.txt
-MQTT_CERT=./config/cert/trustid-x3-root.pem
+MQTT_SERVER_CERT=./config/cert/mosquitto.org.crt
+MQTT_CLIENT_CERT=./config/cert/client.crt
+MQTT_CLIENT_KEY=./config/cert/client.key
 LOG_PATH=./logs

NOTICE

@@ -1,4 +1,4 @@
-   Copyright 2019 Jan-Eric Schober
+   Copyright 2019-2022 Jan-Eric Schober
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -191,15 +191,17 @@ On top of the mandatory configuration keys defined [here](https://github.com/je-
 
 | Key | Purpose | Value Description | Default |
 | --- | ------- | ----------------- | ------- |
-| GATEWAY_ID | ID of the gateway<br>Needed to use and distinguish multiple gateways on the same topic level from one another<br>Is also important to be able to receive gateway commands | String | `testgateway1` |
+| GATEWAY_ID | - ID of the gateway<br>- Needed to use and distinguish multiple gateways on the same topic level from one another<br>- Is also required to be able to receive gateway commands | String | `testgateway1` |
 | MQTT_PROTOCOL | Specifies the protocol to use for communication with a broker | String<br><br>- `tcp` for unencrypted MQTT/TCP communication<br>- `ssl` for encrypted MQTT/TCP communication<br>- `ws` for unencrypted websocket communication<br>- `wss` for encrypted websocket communication | `tcp`
-| MQTT_CA_FILE | Configuration on whether to use a CA file or not, in case you want to use encrypted communication for MQTT | String<br><br>- `none` if no CA file is used<br>- `<path/to/caFile>` if a CA file is used | `none` |
-| MQTT_KEY_FILE | Configuration on whether to use a client key file or not, in case you want to use encrypted communication for MQTT | String<br><br>- `none` if no key file is used<br>- `<path/to/keyFile>` if a key file is used | `none` |
+| MQTT_CERTIFICATE_AUTHORITY_PATH | Specifies the location of all trusted CA files, in case you want to use encrypted communication for MQTT | String<br><br>- `none` if no CA trust store is used<br>- `<path/to/ca/files>` if a CA trust store is used | `/etc/ssl/certs/` |
+| MQTT_SERVER_CERTIFICATE_FILE | Configuration on whether to use a server certificate or not, in case you want to use encrypted communication for MQTT | String<br><br>- `none` if no server certificate is used<br>- `<path/to/serverCertificateFile>` if a server certificate is used | `none` |
+| MQTT_CLIENT_CERTIFICATE_FILE | Configuration on whether to use a client certificate or not, in case you want to use encrypted communication for MQTT | String<br><br>- `none` if no client certificate is used<br>- `<path/to/clientCertificateFile>` if a client certificate is used | `none` |
+| MQTT_CLIENT_KEY_FILE | Configuration on whether to use a client certificate or not, in case you want to use encrypted communication for MQTT | String<br><br>- `none` if no client certificate is used<br>- `<path/to/clientKeyFile>` if a client certificate is used | `none` |
 | MQTT_HOST | MQTT host, where the broker is running | String<br><br> Hostname or IP | `test.mosquitto.org` |
 | MQTT_PORT | MQTT port, where the broker is listening on | Port number | `1883` |
 | MQTT_WAIT_UNTIL_RECONNECT | Time to wait until the next reconnect attempt in ms | Integer | `1000` |
-| MQTT_USERNAME | MQTT username to use when logging in | String<br><br>Can be empty | `test` |
-| MQTT_PASSWORD | MQTT password to use when logging in | String<br><br>Can be empty | `Test1234` |
+| MQTT_USERNAME | MQTT username to use when logging in | String<br><br>Can be empty |  |
+| MQTT_PASSWORD | MQTT password to use when logging in | String<br><br>Can be empty |  |
 | MQTT_TOPIC_PREFIX | MQTT topic prefix which should be used<br>Is set before every topic the Serial2MqttGateway is publishing on | String<br><br>Can be empty | `test/gateways` |
 
 ### Hardware ID Whitelist
@@ -268,7 +270,7 @@ Meaning: If more ports should be used than when the container was initially star
 
 # License
 ```
-   Copyright 2019 Jan-Eric Schober
+   Copyright 2019-2022 Jan-Eric Schober
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

config/cert/client.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlKgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0Ix
+FzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTESMBAGA1UE
+CgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVpdHRvLm9y
+ZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzAeFw0yMjAyMjEyMjE2
+MjZaFw0yMjA1MjIyMjE2MjZaMEQxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANMb2wx
+CjAIBgNVBAcMAWwxDDAKBgNVBAoMA0xPTDENMAsGA1UEAwwETE9MTzCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTwEdbtFr0tBU54eYgKb7GXEI3BjvhN
+8GGwR+PCycB6m2qE+Bbw0CjKfDyndhabHD5R3CyG/ppw3DEKwDzwX7zE8AwnBSkB
+03usNP3gKSSxhWlkjJOCI3WLZv+X2NGhLqL2wUggZkHAIIVFS9RldwFA5V/HnG6M
+3NI+qt/KuEQMDioQbdMtGyv4Sej0WkFAAI1++mjsttpFnwmQhbcF7bb3yBaqeOFi
+umuMWGIIF8jSXSgeGJ+SuxWpIvUKstCz8DBcxhH98LoqZAy17eeD3n9ONd3uZqoi
+qX/SlAPQXp2cJm9LiwRSSwlmWgfucNZlgusiKg2jroBZD6nB/wdqgS8CAwEAAaMa
+MBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggEBAJnC
+4w201ky76MnOkqyo3FxbXSUCu8KjAGBYieZq+aGMchvlefK1arGCbBHY3OjPzIEU
+z3xal46KDUL3NV00DgflCyKdMsa7l9zqOkZGW3IIkK05oSrK1NZOtcTXc9wHQr0T
+0jR9OhM6WS2E93/VKaAVGBCA5CwsYNJp/Qu3sdbrIMEqhXtN8Tdv3u9oaXTm1SqC
+0ymc9W+yy2ki9/i4HWCCw/jetUn9MVQ5GrogWDkhf7IE8F8lYgwNiLtu+0OwD9tJ
+RZXTAsrUjR7Qsdvu4jATzzGFUvAKuq+9QU7Yya/QWz85+YbbKw4cfP0ndosg40sZ
+6LaqJRQroKQ4wAguxU0=
+-----END CERTIFICATE-----

config/cert/client.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICiTCCAXECAQAwRDELMAkGA1UEBhMCREUxDDAKBgNVBAgMA0xvbDEKMAgGA1UE
+BwwBbDEMMAoGA1UECgwDTE9MMQ0wCwYDVQQDDARMT0xPMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAxPAR1u0WvS0FTnh5iApvsZcQjcGO+E3wYbBH48LJ
+wHqbaoT4FvDQKMp8PKd2FpscPlHcLIb+mnDcMQrAPPBfvMTwDCcFKQHTe6w0/eAp
+JLGFaWSMk4IjdYtm/5fY0aEuovbBSCBmQcAghUVL1GV3AUDlX8ecbozc0j6q38q4
+RAwOKhBt0y0bK/hJ6PRaQUAAjX76aOy22kWfCZCFtwXttvfIFqp44WK6a4xYYggX
+yNJdKB4Yn5K7Faki9Qqy0LPwMFzGEf3wuipkDLXt54Pef0413e5mqiKpf9KUA9Be
+nZwmb0uLBFJLCWZaB+5w1mWC6yIqDaOugFkPqcH/B2qBLwIDAQABoAAwDQYJKoZI
+hvcNAQELBQADggEBALOPSGk3TOjj2xtsHT8h9jJdgC6CHQ5PBsho8K5a11qqin/L
+woEUIfGFh7SDowc9byCx0y9Dx1wr6PcgBxRw8UJ2npS+1LQ0Mal8kmhGJTgnYUWk
+vlmPVhCI7KoMrH7LrWVUtOTAdep67IwNb/rsdEkXmRw8HOIxjFtRu+XXNL9rEMwS
+B3mBL85XlYJzZQXG1zgU1teA620/T8H1EW7xWJUk3QElY3zNAzERz3q5OSoD7mda
+GVJD2ShYCnPguFsLb3WpmRWN+UWLBoY9DAIOOUTOtoEyOhZsrLzRf7/cDydEqPyy
+a0KXSeekD3X2UXHXbN4ZUcpWsip+8L4ze6Ak3eM=
+-----END CERTIFICATE REQUEST-----

config/cert/client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAxPAR1u0WvS0FTnh5iApvsZcQjcGO+E3wYbBH48LJwHqbaoT4
+FvDQKMp8PKd2FpscPlHcLIb+mnDcMQrAPPBfvMTwDCcFKQHTe6w0/eApJLGFaWSM
+k4IjdYtm/5fY0aEuovbBSCBmQcAghUVL1GV3AUDlX8ecbozc0j6q38q4RAwOKhBt
+0y0bK/hJ6PRaQUAAjX76aOy22kWfCZCFtwXttvfIFqp44WK6a4xYYggXyNJdKB4Y
+n5K7Faki9Qqy0LPwMFzGEf3wuipkDLXt54Pef0413e5mqiKpf9KUA9BenZwmb0uL
+BFJLCWZaB+5w1mWC6yIqDaOugFkPqcH/B2qBLwIDAQABAoIBAQC6U8EtLkhTWCMr
+KUUi92zSA3GADV/tgiAq7RQ3Y/ZqjBY7Y+8uFU19Kob9BBvwK3U/aUf9QQPmr11F
+cTyM64hJG7NabBivwbCL1FSW1t1WgDcPjjiK35gZAHnE3bAgNnXfbcNVMIJPNy4N
+qZCjNhSwNOxQAJX66n+K1AvrjOtmRLDFvIQ9bQv7zuceBj7Rm30sWnZn43jVn7Mo
+tKzXjrlQT3idfyfar72gMWcZlGQIC7tQXOScmau4iA79c36g2qZTSnMSSmjnKrD9
+7UfThTE7HzhvWqb1rQbjPFQKtVn9nkV8Uv3YMJ33rhxkj81QJ5LYnhBXcmC+SV9k
+VhMIE19RAoGBAOITw4crAC3VZGEUp6GlxjPDpJAv4zSZl133zTK9bkwG5RxDt/4L
+KYLDL4FMph38uH7UV4fi8M+Y+CQFuGqv+Nu03E1IguXCU3ouF8I/X7b7p3JiQqVe
+OlN+5Jd1FpgAzFlsOYPYDxfZtDnhUOdNepU60MtkYaPmR1itL4JBz2FNAoGBAN8A
+93A7QcEd9DwkKqXuFIeVwnUc2OuJWcVXQb6mFILI6nI73W0uEOM8VB+YQzG9CnAz
+ICT5Lo5pDFsv4gpYdkirKNo8eTRt+lYpPNW8lP669wjIsLENmSm4BW6RzuMDdwfZ
+zpDCQxeKLbhUV+NCKnBxFpUUHL4YdFUn3gTqxS5rAoGBANLnARcNxGL9mWD/dcpU
+7evIbbKdGeYuCol87I6TLVv7aqzNd82k+Bqmn6CNssJyymJ3ERkRWvkviP2B4KKW
+ex/rP0FRjdttR5bJfRyXJmF7rqAEjovatarCy9mHP4aZ6Ajb72PRoXLsgzcjvOeq
+3dptPe8gO/48iv5swc9QOXhZAoGBANEpWevlWHYmfzaNgYbieFT3bU1lAjxhNlb2
+0Y5cva4xflwotDW8WFCZ/BkqOhQDyC+WdFbZdQZTlyhMEAo+EKt2BjozMEexw3Re
+91VNrL4DZMLTYY6fP4I2vLmJfu/EBzfQ3YM/AaipjNpwGYLpQ171YwXuuErAKxTX
+8NDR1qIDAoGBAKz8/u6RB7J+qvIjbK6O2MoM65q/hqkFSci4UyKMw/UDaALnJXRi
+m090L5tLvm+uSmmhxhS6MbsucuYAxGI5zJCIhN9olH1Syxt08RTuee3o+FWeOYNR
+ZdyYTX062YATk58fjmQe3EpTDiXP5ReNIueVDSOMizDkyNMLBOjseYsC
+-----END RSA PRIVATE KEY-----

config/cert/mosquitto.org.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL
+BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG
+A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU
+BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv
+by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE
+BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES
+MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp
+dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg
+UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW
+Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA
+s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH
+3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo
+E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT
+MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV
+6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC
+6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf
++pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK
+sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839
+LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE
+m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=
+-----END CERTIFICATE-----

config/config.cfg

@@ -10,10 +10,13 @@ MQTT_PROTOCOL=tcp
 MQTT_HOST=test.mosquitto.org
 MQTT_PORT=1883
 MQTT_WAIT_UNTIL_RECONNECT=1000
-#MQTT_SERVER_CERTIFICATE_FILE=/config/cert/lets-encrypt-r3
+MQTT_CERTIFICATE_AUTHORITY_PATH=/etc/ssl/certs/
 MQTT_SERVER_CERTIFICATE_FILE=none
+#MQTT_SERVER_CERTIFICATE_FILE=/config/cert/mosquitto.org.crt
 MQTT_CLIENT_CERTIFICATE_FILE=none
+#MQTT_CLIENT_CERTIFICATE_FILE=/config/cert/client.crt
 MQTT_CLIENT_KEY_FILE=none
+#MQTT_CLIENT_KEY_FILE=/config/cert/client.key
 MQTT_USERNAME=
 MQTT_PASSWORD=
 MQTT_TOPIC_PREFIX=test/gateways

docker-compose.yml

@@ -9,8 +9,10 @@ services:
             - ${GATEWAY_CONFIG}:/config/config.cfg
             - ${HARDWARE_WHITELIST}:/config/hardware-whitelist.txt
             - ${SERIALPORT_BLACKLIST}:/config/port-blacklist.txt
-            - ${MQTT_CERT}:/config/cert/trustid-x3-root.pem
-#            - ${LOG_PATH}:/logs
+            - ${MQTT_SERVER_CERT}:/config/cert/mosquitto.org.crt
+            - ${MQTT_CLIENT_CERT}:/config/cert/client.crt
+            - ${MQTT_CLIENT_KEY}:/config/cert/client.key
+            #            - ${LOG_PATH}:/logs
         stdin_open: true
         tty: true
         entrypoint: /bin/bash
@@ -22,8 +24,10 @@ services:
             - ${GATEWAY_CONFIG}:/config/config.cfg
             - ${HARDWARE_WHITELIST}:/config/hardware-whitelist.txt
             - ${SERIALPORT_BLACKLIST}:/config/port-blacklist.txt
-            - ${MQTT_CERT}:/config/cert/trustid-x3-root.pem
-#            - ${LOG_PATH}:/logs
+            - ${MQTT_SERVER_CERT}:/config/cert/mosquitto.org.crt
+            - ${MQTT_CLIENT_CERT}:/config/cert/client.crt
+            - ${MQTT_CLIENT_KEY}:/config/cert/client.key
+            #            - ${LOG_PATH}:/logs
         stdin_open: true
         tty: true
         restart: unless-stopped

src/Serial2MqttGateway.cpp

@@ -16,6 +16,7 @@
 
 #include "Serial2MqttGateway.hpp"
 
+const std::string Serial2MqttGateway::MQTT_SSL_NO_PATH = "none";
 const std::string Serial2MqttGateway::MQTT_SSL_NO_FILE = "none";
 const std::string Serial2MqttGateway::MQTT_PROTOCOL_SSL = "ssl";
 const std::string Serial2MqttGateway::MQTT_PROTOCOL_WSS = "wss";
@@ -118,6 +119,16 @@ std::string Serial2MqttGateway::getMqttServerUri()
     return std::string( getMqttProtocol() + "://" + getMqttHost() + ":" + std::to_string( getMqttPort() ) );
 }
 
+void Serial2MqttGateway::setMqttCertificateAuthorityPath( std::string mqttCertificateAuthorityPath )
+{
+    this->mqttCertificateAuthorityPath = mqttCertificateAuthorityPath;
+}
+
+std::string Serial2MqttGateway::getMqttCertificateAuthorityPath()
+{
+    return this->mqttCertificateAuthorityPath;
+}
+
 void Serial2MqttGateway::setMqttServerCertificateFile( std::string mqttServerCertificateFile )
 {
     this->mqttServerCertificateFile = mqttServerCertificateFile;
@@ -216,6 +227,7 @@ void Serial2MqttGateway::loadConfig()
     std::string mqttHost = config->getString( "MQTT_HOST" );
     int mqttPort = config->getInteger( "MQTT_PORT" );
     int mqttWaitUntilReconnect = config->getInteger( "MQTT_WAIT_UNTIL_RECONNECT" );
+    std::string mqttCertificateAuthorityPath = config->getString( "MQTT_CERTIFICATE_AUTHORITY_PATH" );
     std::string mqttServerCertificateFile = config->getString( "MQTT_SERVER_CERTIFICATE_FILE" );
     std::string mqttClientCertificateFile = config->getString( "MQTT_CLIENT_CERTIFICATE_FILE" );
     std::string mqttClientKeyFile = config->getString( "MQTT_CLIENT_KEY_FILE" );
@@ -228,6 +240,7 @@ void Serial2MqttGateway::loadConfig()
     setMqttHost( mqttHost );
     setMqttPort( mqttPort );
     setMqttWaitUntilReconnect( mqttWaitUntilReconnect );
+    setMqttCertificateAuthorityPath( mqttCertificateAuthorityPath );
     setMqttServerCertificateFile( mqttServerCertificateFile );
     setMqttClientCertificateFile( mqttClientCertificateFile );
     setMqttClientKeyFile( mqttClientKeyFile );
@@ -256,10 +269,21 @@ void Serial2MqttGateway::initMqtt()
         getLoggerInstance()->writeInfo( std::string( "MQTT: SSL: Initialising for transport protocol '" + protocol + "'." ) );
         mqtt::ssl_options sslOptions = mqtt::ssl_options();
 
+        std::string mqttCertificateAuthorityPath = getMqttCertificateAuthorityPath();
         std::string mqttServerCertificateFile = getMqttServerCertificateFile();
         std::string mqttClientCertificateFile = getMqttClientCertificateFile();
         std::string mqttClientKeyFile = getMqttClientKeyFile();
 
+        if ( mqttCertificateAuthorityPath != MQTT_SSL_NO_PATH )
+        {
+            sslOptions.ca_path( mqttCertificateAuthorityPath );
+            getLoggerInstance()->writeInfo( std::string( "MQTT: SSL: Set Certificate Authority directory to '" + mqttCertificateAuthorityPath + "'." ) );
+        }
+        else
+        {
+            getLoggerInstance()->writeInfo( std::string( "MQTT: SSL: No Certificate Authority directory given." ) );
+        }
+
         if ( mqttServerCertificateFile != MQTT_SSL_NO_FILE )
         {
             sslOptions.set_trust_store( mqttServerCertificateFile );
@@ -350,11 +374,11 @@ void Serial2MqttGateway::connectToMqttBroker()
         getLoggerInstance()->writeInfo( std::string( "MQTT: Connecting to MQTT-Broker \"" + getMqttServerUri() + "\"." ) );
         getLoggerInstance()->writeInfo( std::string( "MQTT: Waiting for connection to MQTT-Broker..." ) );
 
-        getMqttClientInstance()->connect()->wait();
+        getMqttClientInstance()->connect( getMqttConnectionOptions() )->wait();
     }
     catch ( const mqtt::exception & e )
     {
-        getLoggerInstance()->writeError( std::string( "MQTT: Couldn't connect to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\". Retrying... " ) );
+        getLoggerInstance()->writeError( std::string( "MQTT: Couldn't connect to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\", what: \"" + e.what() + "\". Retrying... " ) );
         std::this_thread::sleep_for( std::chrono::milliseconds( getMqttWaitUntilReconnect() ) );
         std::thread( &Serial2MqttGateway::connectToMqttBroker, this ).detach();
     }
@@ -370,7 +394,7 @@ void Serial2MqttGateway::reconnectToMqttBroker()
     }
     catch ( const mqtt::exception & e )
     {
-        getLoggerInstance()->writeError( std::string( "MQTT: Error while reconnecting to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\". Retrying... " ) );
+        getLoggerInstance()->writeError( std::string( "MQTT: Error while reconnecting to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\", what: \"" + e.what() + "\". Retrying... " ) );
         std::this_thread::sleep_for( std::chrono::milliseconds( getMqttWaitUntilReconnect() ) );
         std::thread( &Serial2MqttGateway::reconnectToMqttBroker, this ).detach();
     }

src/Serial2MqttGateway.hpp

@@ -32,6 +32,7 @@ class Serial2MqttGateway : public SerialPortGateway // Inherits from SerialPortG
 {
 private:
     // Constants
+    static const std::string MQTT_SSL_NO_PATH;
     static const std::string MQTT_SSL_NO_FILE;
     static const std::string MQTT_PROTOCOL_SSL;
     static const std::string MQTT_PROTOCOL_WSS;
@@ -60,6 +61,7 @@ class Serial2MqttGateway : public SerialPortGateway // Inherits from SerialPortG
     std::string mqttHost;
     int mqttPort;
     int mqttWaitUntilReconnect;
+    std::string mqttCertificateAuthorityPath;
     std::string mqttServerCertificateFile;
     std::string mqttClientCertificateFile;
     std::string mqttClientKeyFile;
@@ -81,6 +83,8 @@ class Serial2MqttGateway : public SerialPortGateway // Inherits from SerialPortG
     void setMqttWaitUntilReconnect( int mqttWaitUntilReconnect );
     int getMqttWaitUntilReconnect();
     std::string getMqttServerUri();
+    void setMqttCertificateAuthorityPath( std::string mqttCertificateAuthorityPath );
+    std::string getMqttCertificateAuthorityPath();
     void setMqttServerCertificateFile( std::string mqttServerCertificateFile );
     std::string getMqttServerCertificateFile();
     void setMqttClientCertificateFile( std::string mqttClientCertificateFile );