From 702e0943a74e517a3f00c87b31235ecef88143c7 Mon Sep 17 00:00:00 2001 From: jes Date: Tue, 22 Feb 2022 00:59:23 +0100 Subject: [PATCH] Fixed an SSL problem & added test.mosquitto.org example certs. Updated license notice. --- .env | 4 +++- NOTICE | 2 +- README.md | 14 ++++++++------ config/cert/client.crt | 21 +++++++++++++++++++++ config/cert/client.csr | 16 ++++++++++++++++ config/cert/client.key | 27 +++++++++++++++++++++++++++ config/cert/mosquitto.org.crt | 24 ++++++++++++++++++++++++ config/config.cfg | 5 ++++- docker-compose.yml | 12 ++++++++---- src/Serial2MqttGateway.cpp | 30 +++++++++++++++++++++++++++--- src/Serial2MqttGateway.hpp | 4 ++++ 11 files changed, 143 insertions(+), 16 deletions(-) create mode 100644 config/cert/client.crt create mode 100644 config/cert/client.csr create mode 100644 config/cert/client.key create mode 100644 config/cert/mosquitto.org.crt diff --git a/.env b/.env index 31a0b65..ac2d793 100644 --- a/.env +++ b/.env @@ -1,5 +1,7 @@ GATEWAY_CONFIG=./config/config.cfg HARDWARE_WHITELIST=./config/hardware-whitelist.txt SERIALPORT_BLACKLIST=./config/port-blacklist.txt -MQTT_CERT=./config/cert/trustid-x3-root.pem +MQTT_SERVER_CERT=./config/cert/mosquitto.org.crt +MQTT_CLIENT_CERT=./config/cert/client.crt +MQTT_CLIENT_KEY=./config/cert/client.key LOG_PATH=./logs diff --git a/NOTICE b/NOTICE index 08f1c88..4b857a7 100644 --- a/NOTICE +++ b/NOTICE @@ -1,4 +1,4 @@ - Copyright 2019 Jan-Eric Schober + Copyright 2019-2022 Jan-Eric Schober Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index dccb589..0679078 100644 --- a/README.md +++ b/README.md @@ -191,15 +191,17 @@ On top of the mandatory configuration keys defined [here](https://github.com/je- | Key | Purpose | Value Description | Default | | --- | ------- | ----------------- | ------- | -| GATEWAY_ID | ID of the gateway
Needed to use and distinguish multiple gateways on the same topic level from one another
Is also important to be able to receive gateway commands | String | `testgateway1` | +| GATEWAY_ID | - ID of the gateway
- Needed to use and distinguish multiple gateways on the same topic level from one another
- Is also required to be able to receive gateway commands | String | `testgateway1` | | MQTT_PROTOCOL | Specifies the protocol to use for communication with a broker | String

- `tcp` for unencrypted MQTT/TCP communication
- `ssl` for encrypted MQTT/TCP communication
- `ws` for unencrypted websocket communication
- `wss` for encrypted websocket communication | `tcp` -| MQTT_CA_FILE | Configuration on whether to use a CA file or not, in case you want to use encrypted communication for MQTT | String

- `none` if no CA file is used
- `` if a CA file is used | `none` | -| MQTT_KEY_FILE | Configuration on whether to use a client key file or not, in case you want to use encrypted communication for MQTT | String

- `none` if no key file is used
- `` if a key file is used | `none` | +| MQTT_CERTIFICATE_AUTHORITY_PATH | Specifies the location of all trusted CA files, in case you want to use encrypted communication for MQTT | String

- `none` if no CA trust store is used
- `` if a CA trust store is used | `/etc/ssl/certs/` | +| MQTT_SERVER_CERTIFICATE_FILE | Configuration on whether to use a server certificate or not, in case you want to use encrypted communication for MQTT | String

- `none` if no server certificate is used
- `` if a server certificate is used | `none` | +| MQTT_CLIENT_CERTIFICATE_FILE | Configuration on whether to use a client certificate or not, in case you want to use encrypted communication for MQTT | String

- `none` if no client certificate is used
- `` if a client certificate is used | `none` | +| MQTT_CLIENT_KEY_FILE | Configuration on whether to use a client certificate or not, in case you want to use encrypted communication for MQTT | String

- `none` if no client certificate is used
- `` if a client certificate is used | `none` | | MQTT_HOST | MQTT host, where the broker is running | String

Hostname or IP | `test.mosquitto.org` | | MQTT_PORT | MQTT port, where the broker is listening on | Port number | `1883` | | MQTT_WAIT_UNTIL_RECONNECT | Time to wait until the next reconnect attempt in ms | Integer | `1000` | -| MQTT_USERNAME | MQTT username to use when logging in | String

Can be empty | `test` | -| MQTT_PASSWORD | MQTT password to use when logging in | String

Can be empty | `Test1234` | +| MQTT_USERNAME | MQTT username to use when logging in | String

Can be empty | | +| MQTT_PASSWORD | MQTT password to use when logging in | String

Can be empty | | | MQTT_TOPIC_PREFIX | MQTT topic prefix which should be used
Is set before every topic the Serial2MqttGateway is publishing on | String

Can be empty | `test/gateways` | ### Hardware ID Whitelist @@ -268,7 +270,7 @@ Meaning: If more ports should be used than when the container was initially star # License ``` - Copyright 2019 Jan-Eric Schober + Copyright 2019-2022 Jan-Eric Schober Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/config/cert/client.crt b/config/cert/client.crt new file mode 100644 index 0000000..8519704 --- /dev/null +++ b/config/cert/client.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlKgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0Ix +FzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTESMBAGA1UE +CgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVpdHRvLm9y +ZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzAeFw0yMjAyMjEyMjE2 +MjZaFw0yMjA1MjIyMjE2MjZaMEQxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANMb2wx +CjAIBgNVBAcMAWwxDDAKBgNVBAoMA0xPTDENMAsGA1UEAwwETE9MTzCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTwEdbtFr0tBU54eYgKb7GXEI3BjvhN +8GGwR+PCycB6m2qE+Bbw0CjKfDyndhabHD5R3CyG/ppw3DEKwDzwX7zE8AwnBSkB +03usNP3gKSSxhWlkjJOCI3WLZv+X2NGhLqL2wUggZkHAIIVFS9RldwFA5V/HnG6M +3NI+qt/KuEQMDioQbdMtGyv4Sej0WkFAAI1++mjsttpFnwmQhbcF7bb3yBaqeOFi +umuMWGIIF8jSXSgeGJ+SuxWpIvUKstCz8DBcxhH98LoqZAy17eeD3n9ONd3uZqoi +qX/SlAPQXp2cJm9LiwRSSwlmWgfucNZlgusiKg2jroBZD6nB/wdqgS8CAwEAAaMa +MBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggEBAJnC +4w201ky76MnOkqyo3FxbXSUCu8KjAGBYieZq+aGMchvlefK1arGCbBHY3OjPzIEU +z3xal46KDUL3NV00DgflCyKdMsa7l9zqOkZGW3IIkK05oSrK1NZOtcTXc9wHQr0T +0jR9OhM6WS2E93/VKaAVGBCA5CwsYNJp/Qu3sdbrIMEqhXtN8Tdv3u9oaXTm1SqC +0ymc9W+yy2ki9/i4HWCCw/jetUn9MVQ5GrogWDkhf7IE8F8lYgwNiLtu+0OwD9tJ +RZXTAsrUjR7Qsdvu4jATzzGFUvAKuq+9QU7Yya/QWz85+YbbKw4cfP0ndosg40sZ +6LaqJRQroKQ4wAguxU0= +-----END CERTIFICATE----- diff --git a/config/cert/client.csr b/config/cert/client.csr new file mode 100644 index 0000000..73daae2 --- /dev/null +++ b/config/cert/client.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICiTCCAXECAQAwRDELMAkGA1UEBhMCREUxDDAKBgNVBAgMA0xvbDEKMAgGA1UE +BwwBbDEMMAoGA1UECgwDTE9MMQ0wCwYDVQQDDARMT0xPMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAxPAR1u0WvS0FTnh5iApvsZcQjcGO+E3wYbBH48LJ +wHqbaoT4FvDQKMp8PKd2FpscPlHcLIb+mnDcMQrAPPBfvMTwDCcFKQHTe6w0/eAp +JLGFaWSMk4IjdYtm/5fY0aEuovbBSCBmQcAghUVL1GV3AUDlX8ecbozc0j6q38q4 +RAwOKhBt0y0bK/hJ6PRaQUAAjX76aOy22kWfCZCFtwXttvfIFqp44WK6a4xYYggX +yNJdKB4Yn5K7Faki9Qqy0LPwMFzGEf3wuipkDLXt54Pef0413e5mqiKpf9KUA9Be +nZwmb0uLBFJLCWZaB+5w1mWC6yIqDaOugFkPqcH/B2qBLwIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBALOPSGk3TOjj2xtsHT8h9jJdgC6CHQ5PBsho8K5a11qqin/L +woEUIfGFh7SDowc9byCx0y9Dx1wr6PcgBxRw8UJ2npS+1LQ0Mal8kmhGJTgnYUWk +vlmPVhCI7KoMrH7LrWVUtOTAdep67IwNb/rsdEkXmRw8HOIxjFtRu+XXNL9rEMwS +B3mBL85XlYJzZQXG1zgU1teA620/T8H1EW7xWJUk3QElY3zNAzERz3q5OSoD7mda +GVJD2ShYCnPguFsLb3WpmRWN+UWLBoY9DAIOOUTOtoEyOhZsrLzRf7/cDydEqPyy +a0KXSeekD3X2UXHXbN4ZUcpWsip+8L4ze6Ak3eM= +-----END CERTIFICATE REQUEST----- diff --git a/config/cert/client.key b/config/cert/client.key new file mode 100644 index 0000000..f21fd14 --- /dev/null +++ b/config/cert/client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAxPAR1u0WvS0FTnh5iApvsZcQjcGO+E3wYbBH48LJwHqbaoT4 +FvDQKMp8PKd2FpscPlHcLIb+mnDcMQrAPPBfvMTwDCcFKQHTe6w0/eApJLGFaWSM +k4IjdYtm/5fY0aEuovbBSCBmQcAghUVL1GV3AUDlX8ecbozc0j6q38q4RAwOKhBt +0y0bK/hJ6PRaQUAAjX76aOy22kWfCZCFtwXttvfIFqp44WK6a4xYYggXyNJdKB4Y +n5K7Faki9Qqy0LPwMFzGEf3wuipkDLXt54Pef0413e5mqiKpf9KUA9BenZwmb0uL +BFJLCWZaB+5w1mWC6yIqDaOugFkPqcH/B2qBLwIDAQABAoIBAQC6U8EtLkhTWCMr +KUUi92zSA3GADV/tgiAq7RQ3Y/ZqjBY7Y+8uFU19Kob9BBvwK3U/aUf9QQPmr11F +cTyM64hJG7NabBivwbCL1FSW1t1WgDcPjjiK35gZAHnE3bAgNnXfbcNVMIJPNy4N +qZCjNhSwNOxQAJX66n+K1AvrjOtmRLDFvIQ9bQv7zuceBj7Rm30sWnZn43jVn7Mo +tKzXjrlQT3idfyfar72gMWcZlGQIC7tQXOScmau4iA79c36g2qZTSnMSSmjnKrD9 +7UfThTE7HzhvWqb1rQbjPFQKtVn9nkV8Uv3YMJ33rhxkj81QJ5LYnhBXcmC+SV9k +VhMIE19RAoGBAOITw4crAC3VZGEUp6GlxjPDpJAv4zSZl133zTK9bkwG5RxDt/4L +KYLDL4FMph38uH7UV4fi8M+Y+CQFuGqv+Nu03E1IguXCU3ouF8I/X7b7p3JiQqVe +OlN+5Jd1FpgAzFlsOYPYDxfZtDnhUOdNepU60MtkYaPmR1itL4JBz2FNAoGBAN8A +93A7QcEd9DwkKqXuFIeVwnUc2OuJWcVXQb6mFILI6nI73W0uEOM8VB+YQzG9CnAz +ICT5Lo5pDFsv4gpYdkirKNo8eTRt+lYpPNW8lP669wjIsLENmSm4BW6RzuMDdwfZ +zpDCQxeKLbhUV+NCKnBxFpUUHL4YdFUn3gTqxS5rAoGBANLnARcNxGL9mWD/dcpU +7evIbbKdGeYuCol87I6TLVv7aqzNd82k+Bqmn6CNssJyymJ3ERkRWvkviP2B4KKW +ex/rP0FRjdttR5bJfRyXJmF7rqAEjovatarCy9mHP4aZ6Ajb72PRoXLsgzcjvOeq +3dptPe8gO/48iv5swc9QOXhZAoGBANEpWevlWHYmfzaNgYbieFT3bU1lAjxhNlb2 +0Y5cva4xflwotDW8WFCZ/BkqOhQDyC+WdFbZdQZTlyhMEAo+EKt2BjozMEexw3Re +91VNrL4DZMLTYY6fP4I2vLmJfu/EBzfQ3YM/AaipjNpwGYLpQ171YwXuuErAKxTX +8NDR1qIDAoGBAKz8/u6RB7J+qvIjbK6O2MoM65q/hqkFSci4UyKMw/UDaALnJXRi +m090L5tLvm+uSmmhxhS6MbsucuYAxGI5zJCIhN9olH1Syxt08RTuee3o+FWeOYNR +ZdyYTX062YATk58fjmQe3EpTDiXP5ReNIueVDSOMizDkyNMLBOjseYsC +-----END RSA PRIVATE KEY----- diff --git a/config/cert/mosquitto.org.crt b/config/cert/mosquitto.org.crt new file mode 100644 index 0000000..e76dbd8 --- /dev/null +++ b/config/cert/mosquitto.org.crt 
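Review bot: A real RSA private key is committed here as `config/cert/client.key`, and the `.env` and `docker-compose.yml` changes in this same patch mount it into the container by default through `MQTT_CLIENT_KEY`, so every clone of the repository holds the same client identity. Even for a public test broker the key has to be treated as public from the moment it is pushed, and anyone who copies the example layout to a private broker ends up authenticating with a key that is not secret. I would leave `client.key` out of the repository (and `client.csr`, which is not needed at runtime), ignore `config/cert/*.key` in `.gitignore`, and describe in the README how to generate a key and obtain a certificate for it.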
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL +BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG +A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU +BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv +by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE +BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES +MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp +dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg +UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW +Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA +s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH +3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo +E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT +MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV +6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC +6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf ++pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK +sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839 +LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE +m/XriWr/Cq4h/JfB7NTsezVslgkBaoU= +-----END CERTIFICATE----- diff --git a/config/config.cfg b/config/config.cfg index ac0e050..44aa6cc 100644 --- a/config/config.cfg +++ b/config/config.cfg 
@@ -10,10 +10,13 @@ MQTT_PROTOCOL=tcp MQTT_HOST=test.mosquitto.org MQTT_PORT=1883 MQTT_WAIT_UNTIL_RECONNECT=1000 -#MQTT_SERVER_CERTIFICATE_FILE=/config/cert/lets-encrypt-r3 +MQTT_CERTIFICATE_AUTHORITY_PATH=/etc/ssl/certs/ MQTT_SERVER_CERTIFICATE_FILE=none +#MQTT_SERVER_CERTIFICATE_FILE=/config/cert/mosquitto.org.crt MQTT_CLIENT_CERTIFICATE_FILE=none +#MQTT_CLIENT_CERTIFICATE_FILE=/config/cert/client.crt MQTT_CLIENT_KEY_FILE=none +#MQTT_CLIENT_KEY_FILE=/config/cert/client.key MQTT_USERNAME= MQTT_PASSWORD= MQTT_TOPIC_PREFIX=test/gateways diff --git a/docker-compose.yml b/docker-compose.yml index 2ee48df..663b22c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,8 +9,10 @@ services: - ${GATEWAY_CONFIG}:/config/config.cfg - ${HARDWARE_WHITELIST}:/config/hardware-whitelist.txt - ${SERIALPORT_BLACKLIST}:/config/port-blacklist.txt - - ${MQTT_CERT}:/config/cert/trustid-x3-root.pem -# - ${LOG_PATH}:/logs + - ${MQTT_SERVER_CERT}:/config/cert/mosquitto.org.crt + - ${MQTT_CLIENT_CERT}:/config/cert/client.crt + - ${MQTT_CLIENT_KEY}:/config/cert/client.key + # - ${LOG_PATH}:/logs stdin_open: true tty: true entrypoint: /bin/bash @@ -22,8 +24,10 @@ services: - ${GATEWAY_CONFIG}:/config/config.cfg - ${HARDWARE_WHITELIST}:/config/hardware-whitelist.txt - ${SERIALPORT_BLACKLIST}:/config/port-blacklist.txt - - ${MQTT_CERT}:/config/cert/trustid-x3-root.pem -# - ${LOG_PATH}:/logs + - ${MQTT_SERVER_CERT}:/config/cert/mosquitto.org.crt + - ${MQTT_CLIENT_CERT}:/config/cert/client.crt + - ${MQTT_CLIENT_KEY}:/config/cert/client.key + # - ${LOG_PATH}:/logs stdin_open: true tty: true restart: unless-stopped diff --git a/src/Serial2MqttGateway.cpp b/src/Serial2MqttGateway.cpp index 90188a7..fc5b441 100644 --- a/src/Serial2MqttGateway.cpp +++ b/src/Serial2MqttGateway.cpp 
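Review bot: The three new certificate bind mounts in `docker-compose.yml` are writable, so anything running in the container can modify or replace the trust anchor and the client key on the host; the first service even starts with `/bin/bash` as its entrypoint. As far as this patch shows, the gateway only reads these files, so the mounts can be read-only: `- ${MQTT_SERVER_CERT}:/config/cert/mosquitto.org.crt:ro`, `- ${MQTT_CLIENT_CERT}:/config/cert/client.crt:ro`, `- ${MQTT_CLIENT_KEY}:/config/cert/client.key:ro`. The same applies to the second service's hunk.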
@@ -16,6 +16,7 @@ #include "Serial2MqttGateway.hpp" +const std::string Serial2MqttGateway::MQTT_SSL_NO_PATH = "none"; const std::string Serial2MqttGateway::MQTT_SSL_NO_FILE = "none"; const std::string Serial2MqttGateway::MQTT_PROTOCOL_SSL = "ssl"; const std::string Serial2MqttGateway::MQTT_PROTOCOL_WSS = "wss"; @@ -118,6 +119,16 @@ std::string Serial2MqttGateway::getMqttServerUri() return std::string( getMqttProtocol() + "://" + getMqttHost() + ":" + std::to_string( getMqttPort() ) ); } +void Serial2MqttGateway::setMqttCertificateAuthorityPath( std::string mqttCertificateAuthorityPath ) +{ + this->mqttCertificateAuthorityPath = mqttCertificateAuthorityPath; +} + +std::string Serial2MqttGateway::getMqttCertificateAuthorityPath() +{ + return this->mqttCertificateAuthorityPath; +} + void Serial2MqttGateway::setMqttServerCertificateFile( std::string mqttServerCertificateFile ) { this->mqttServerCertificateFile = mqttServerCertificateFile; @@ -216,6 +227,7 @@ void Serial2MqttGateway::loadConfig() std::string mqttHost = config->getString( "MQTT_HOST" ); int mqttPort = config->getInteger( "MQTT_PORT" ); int mqttWaitUntilReconnect = config->getInteger( "MQTT_WAIT_UNTIL_RECONNECT" ); + std::string mqttCertificateAuthorityPath = config->getString( "MQTT_CERTIFICATE_AUTHORITY_PATH" ); std::string mqttServerCertificateFile = config->getString( "MQTT_SERVER_CERTIFICATE_FILE" ); std::string mqttClientCertificateFile = config->getString( "MQTT_CLIENT_CERTIFICATE_FILE" ); std::string mqttClientKeyFile = config->getString( "MQTT_CLIENT_KEY_FILE" ); @@ -228,6 +240,7 @@ void Serial2MqttGateway::loadConfig() setMqttHost( mqttHost ); setMqttPort( mqttPort ); setMqttWaitUntilReconnect( mqttWaitUntilReconnect ); + setMqttCertificateAuthorityPath( mqttCertificateAuthorityPath ); setMqttServerCertificateFile( mqttServerCertificateFile ); setMqttClientCertificateFile( mqttClientCertificateFile ); setMqttClientKeyFile( mqttClientKeyFile ); 
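Review bot: `MQTT_CERTIFICATE_AUTHORITY_PATH` is now read unconditionally in `loadConfig()`, but a config file written before this change has no such key. What `config->getString()` returns for a missing key is not visible here; if it is an empty string, the comparison against `MQTT_SSL_NO_PATH` in `initMqtt()` will not match and an empty CA path is handed to the SSL options. I would normalise the value right after the read, `if ( mqttCertificateAuthorityPath.empty() ) mqttCertificateAuthorityPath = MQTT_SSL_NO_PATH;`, or state in the README that the key is mandatory. `loadConfig()` starts and ends outside these hunks.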
@@ -256,10 +269,21 @@ void Serial2MqttGateway::initMqtt() getLoggerInstance()->writeInfo( std::string( "MQTT: SSL: Initialising for transport protocol '" + protocol + "'." ) ); mqtt::ssl_options sslOptions = mqtt::ssl_options(); + std::string mqttCertificateAuthorityPath = getMqttCertificateAuthorityPath(); std::string mqttServerCertificateFile = getMqttServerCertificateFile(); std::string mqttClientCertificateFile = getMqttClientCertificateFile(); std::string mqttClientKeyFile = getMqttClientKeyFile(); + if ( mqttCertificateAuthorityPath != MQTT_SSL_NO_PATH ) + { + sslOptions.ca_path( mqttCertificateAuthorityPath ); + getLoggerInstance()->writeInfo( std::string( "MQTT: SSL: Set Certificate Authority directory to '" + mqttCertificateAuthorityPath + "'." ) ); + } + else + { + getLoggerInstance()->writeInfo( std::string( "MQTT: SSL: No Certificate Authority directory given." ) ); + } + if ( mqttServerCertificateFile != MQTT_SSL_NO_FILE ) { sslOptions.set_trust_store( mqttServerCertificateFile ); 
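Review bot: With a whole CA directory such as `/etc/ssl/certs/` as the trust source, the connection is only as strong as the host name check, and nothing in this hunk turns that check on. As far as I know, Paho's SSL options keep server certificate authentication on by default but leave the post-connect check (certificate matches the broker host name) off unless it is requested. If it is not already set further down in `initMqtt()`, which continues past this hunk, add `sslOptions.set_verify( true );` next to the `ca_path` call. The case where both the CA path and the server certificate file are `none` also deserves more than an info line, because TLS is then configured without any trust anchor.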
@@ -350,11 +374,11 @@ void Serial2MqttGateway::connectToMqttBroker() getLoggerInstance()->writeInfo( std::string( "MQTT: Connecting to MQTT-Broker \"" + getMqttServerUri() + "\"." ) ); getLoggerInstance()->writeInfo( std::string( "MQTT: Waiting for connection to MQTT-Broker..." ) ); - getMqttClientInstance()->connect()->wait(); + getMqttClientInstance()->connect( getMqttConnectionOptions() )->wait(); } catch ( const mqtt::exception & e ) { - getLoggerInstance()->writeError( std::string( "MQTT: Couldn't connect to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\". Retrying... " ) ); + getLoggerInstance()->writeError( std::string( "MQTT: Couldn't connect to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\", what: \"" + e.what() + "\". Retrying... " ) ); std::this_thread::sleep_for( std::chrono::milliseconds( getMqttWaitUntilReconnect() ) ); std::thread( &Serial2MqttGateway::connectToMqttBroker, this ).detach(); } @@ -370,7 +394,7 @@ void Serial2MqttGateway::reconnectToMqttBroker() } catch ( const mqtt::exception & e ) { - getLoggerInstance()->writeError( std::string( "MQTT: Error while reconnecting to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\". Retrying... " ) ); + getLoggerInstance()->writeError( std::string( "MQTT: Error while reconnecting to MQTT-Broker. Reason code: \"" + std::to_string( e.get_reason_code() ) + "\", message: \"" + e.get_message() + "\", what: \"" + e.what() + "\". Retrying... " ) ); std::this_thread::sleep_for( std::chrono::milliseconds( getMqttWaitUntilReconnect() ) ); std::thread( &Serial2MqttGateway::reconnectToMqttBroker, this ).detach(); } diff --git a/src/Serial2MqttGateway.hpp b/src/Serial2MqttGateway.hpp index 3149ee2..3eca19f 100644 --- a/src/Serial2MqttGateway.hpp +++ b/src/Serial2MqttGateway.hpp 
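Review bot: The retry in the `catch` block of `connectToMqttBroker()` starts a detached thread that holds the raw `this` pointer, and `reconnectToMqttBroker()` in the next hunk does the same. With the connection options now passed to `connect()`, a wrong certificate or key path presumably sends every attempt through this path, at a fixed interval and with no upper bound on retries. If the gateway object is destroyed while a retry is sleeping, the next thread calls into a dead object. At minimum the lifetime assumption should be written down above the `detach()` line, e.g. `// Detached retry thread keeps a raw 'this': the gateway must outlive every pending retry.`; a single joinable retry loop with a stop flag would remove the assumption. Both functions start outside their hunks.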
@@ -32,6 +32,7 @@ class Serial2MqttGateway : public SerialPortGateway // Inherits from SerialPortG
 {
 private:
 // Constants
+ static const std::string MQTT_SSL_NO_PATH;
 static const std::string MQTT_SSL_NO_FILE;
 static const std::string MQTT_PROTOCOL_SSL;
 static const std::string MQTT_PROTOCOL_WSS;
@@ -60,6 +61,7 @@ class Serial2MqttGateway : public SerialPortGateway // Inherits from SerialPortG
 std::string mqttHost;
 int mqttPort;
 int mqttWaitUntilReconnect;
+ std::string mqttCertificateAuthorityPath;
 std::string mqttServerCertificateFile;
 std::string mqttClientCertificateFile;
 std::string mqttClientKeyFile;
@@ -81,6 +83,8 @@ class Serial2MqttGateway : public SerialPortGateway // Inherits from SerialPortG
 void setMqttWaitUntilReconnect( int mqttWaitUntilReconnect );
 int getMqttWaitUntilReconnect();
 std::string getMqttServerUri();
+ void setMqttCertificateAuthorityPath( std::string mqttCertificateAuthorityPath );
+ std::string getMqttCertificateAuthorityPath();
 void setMqttServerCertificateFile( std::string mqttServerCertificateFile );
 std::string getMqttServerCertificateFile();
 void setMqttClientCertificateFile( std::string mqttClientCertificateFile );