
Commit e42abaa

authored
Merge branch 'mysensors:development' into development
2 parents c27c087 + 6e4206b commit e42abaa


14 files changed

+631
-442
lines changed


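--- a/.ci/arduino.groovy
+++ b/.ci/arduino.groovy
@@ -51,6 +51,7 @@ def buildMySensorsMicro(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
@@ -87,6 +88,7 @@ def buildMySensorsGw(config, sketches, String key) {
 if (sketches[sketch].path != config.library_root+'examples/BatteryPoweredSensor/BatteryPoweredSensor.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
@@ -123,6 +125,7 @@ def buildArduinoUno(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&
@@ -157,6 +160,7 @@ def buildArduinoMega(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&
@@ -191,6 +195,7 @@ def buildSTM32F1(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&
@@ -280,6 +285,7 @@ def buildESP32(config, sketches, String key) {
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/SensebenderGatewaySerial/SensebenderGatewaySerial.ino' &&
 sketches[sketch].path != config.library_root+'examples/MotionSensorRS485/MotionSensorRS485.ino' &&
@@ -316,6 +322,7 @@ def buildnRF5(config, sketches, String key) {
 sketches[sketch].path != config.library_root+'examples/DustSensorDSM/DustSensorDSM.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
@@ -396,4 +403,4 @@ def buildnRF51822(config, sketches, String key) {
 }
 }
 
-return this
+return this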
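Review bot: The `GatewayESP8266SecureMQTTClient.ino` exclusion is pasted into seven separate `if` chains (buildMySensorsMicro, buildMySensorsGw, buildArduinoUno, buildArduinoMega, buildSTM32F1, buildESP32, buildnRF5), so the next ESP8266-only example has to be added in seven places again and a missed one only surfaces as a failed build for that board. Defining the ESP8266-only example names once and testing against that list, for instance `esp8266OnlySketches.any { sketches[sketch].path.endsWith(it) }` (the list name is a suggestion), would keep the board filters in step. These hunks do not show whether the ESP8266 job itself compiles the new TLS example; that is worth confirming so the secure gateway sketch is actually exercised in CI. Each loop and condition starts or continues outside its hunk.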

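--- a/MyConfig.h
+++ b/MyConfig.h
@@ -1472,6 +1472,8 @@
 * @brief Define this for Ethernet GW based on the ENC28J60 module.
 * @def MY_GATEWAY_ESP8266
 * @brief Define this for Ethernet GW based on the ESP8266.
+* @def MY_GATEWAY_ESP8266_SECURE
+* @brief Define this for Ethernet GW based on the ESP8266 with TLS.
 * @def MY_GATEWAY_ESP32
 * @brief Define this for Ethernet GW based on the ESP32.
 * @def MY_GATEWAY_LINUX
@@ -1487,6 +1489,7 @@
 //#define MY_GATEWAY_W5100
 //#define MY_GATEWAY_ENC28J60
 //#define MY_GATEWAY_ESP8266
+//#define MY_GATEWAY_ESP8266_SECURE
 //#define MY_GATEWAY_ESP32
 //#define MY_GATEWAY_LINUX
 //#define MY_GATEWAY_TINYGSM
@@ -1594,29 +1597,79 @@
 //#define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX "mygateway1-in"
 
 /**
-* @def MY_MQTT_CA_CERT
-* @brief Set a specific CA certificate needed to validate MQTT server against. Use the certificate as a trust anchor, accepting remote certificates signed by it.
+* @def MY_MQTT_CA_CERT1
+* @brief Up to three root Certificates Authorities could be defined to validate the mqtt server' certificate. The most secure.
+*
+* This define is mandatory when you need connect MQTT over SSL/TLS. Certificate Authorities.
+* The best method to validate server certificates.
+* Advised to retrieve root Certificate Authorities as they expire less often than server certificates.
+* With let's encrypt you may need up to three Certificate Authorities
 *
-* This define is mandatory when you need connect MQTT over SSL/TLS.
 * Example: @code
 *
-* const char mqtt_ca_cert[] PROGMEM = R"EOF(
+* const char cert_isrgrootx1_Authority[] PROGMEM = R"EOF(
 * ----- BEGIN THE CERTIFICATE -----
 * XXX ... XXX
 * ----- FINISH CERTIFICATE -----
 * )EOF";
 *
-* #define MY_MQTT_CA_CERT mqtt_ca_cert
+* const char cert_isrgrootx2_Authority[] PROGMEM = R"EOF(
+* ----- BEGIN THE CERTIFICATE -----
+* XXX ... XXX
+* ----- FINISH CERTIFICATE -----
+* )EOF";
+*
+* const char cert_letsEncryptR3_Authority[] PROGMEM = R"EOF(
+* ----- BEGIN THE CERTIFICATE -----
+* XXX ... XXX
+* ----- FINISH CERTIFICATE -----
+* )EOF";
+*
+* #define MY_MQTT_CA_CERT1 cert_isrgrootx1_Authority
+* #define MY_MQTT_CA_CERT2 cert_isrgrootx2_Authority
+* #define MY_MQTT_CA_CERT3 cert_letsEncryptR3_Authority
+*
+* @endcode
+*/
+//#define MY_MQTT_CA_CERT1
+
+/**
+* @def MY_MQTT_CA_CERT2
+* @brief Up to three root Certificates Authorities could be defined to validate the mqtt serv.
+*/
+//#define MY_MQTT_CA_CERT2
+
+/**
+* @def MY_MQTT_CA_CERT3
+* @brief Up to three root Certificates Authorities could be defined to validate the mqtt serv.
+*/
+//#define MY_MQTT_CA_CERT3
+
+
+/**
+* @def MY_MQTT_FINGERPRINT
+* @brief Server certificate validation with its fingerprint
+*
+* The finger print to validate the mqtt server certificate. This is less secure and less convenient
+* than using certificate authorities.
+* Command (3 lines...) to obtain the certificate finger print:
+* @code
+* $>openssl s_client -connect <hostname>:<host port> < /dev/null 2>/dev/null | \
+* openssl x509 -fingerprint -noout -in /dev/stdin \
+* awk -F= '{print $2}'
+* @endcode
 *
+* Example: @code
+* const char mqtt_fingerprint [] PROGMEM = "CA:CE:2B:MD:D3:32:A3:F1:8C:73:9E:1B:B7:D5:75:4A:10:61:E4:05";
 * @endcode
 */
-//#define MY_MQTT_CA_CERT
+//#define MY_MQTT_FINGERPRINT
 
 /**
 * @def MY_MQTT_CLIENT_CERT
 * @brief Set a client certificate to send to a MQTT server that requests one over TLS connection.
 *
-* This define is mandatory when you need connect MQTT over SSL/TLS.
+* This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested.
 * Example: @code
 *
 * const char mqtt_client_cert[] PROGMEM = R"EOF(
@@ -1633,9 +1686,9 @@
 
 /**
 * @def MY_MQTT_CLIENT_KEY
-* @brief Set a client private key to send to a MQTT server that requests one over TLS connection.
+* @brief Set the client private key generated with the MY_MQTT_CLIENT_CERT.
 *
-* This define is mandatory when you need connect MQTT over SSL/TLS.
+* This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested.
 * Example: @code
 *
 * const char mqtt_client_key[] PROGMEM = R"EOF(
@@ -2419,7 +2472,10 @@
 #define MY_MQTT_CLIENT_ID
 #define MY_MQTT_PUBLISH_TOPIC_PREFIX
 #define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX
-#define MY_MQTT_CA_CERT
+#define MY_MQTT_CA_CERT1
+#define MY_MQTT_CA_CERT2
+#define MY_MQTT_CA_CERT3
+#define MY_MQTT_FINGERPRINT
 #define MY_MQTT_CLIENT_CERT
 #define MY_MQTT_CLIENT_KEY
 #define MY_SIGNAL_REPORT_ENABLED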
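Review bot: `MY_MQTT_CA_CERT` is replaced by `MY_MQTT_CA_CERT1`..`3` with no compatibility guard in this header, so a sketch that still defines the old name no longer supplies a trust anchor under any documented name; how the transport behaves in that case is not visible here, but it should stop the build rather than connect with different validation. A guard placed outside the documentation-only define list at the end, `#if defined(MY_MQTT_CA_CERT) && !defined(MY_MQTT_CA_CERT1)` / `#error "MY_MQTT_CA_CERT was renamed to MY_MQTT_CA_CERT1"` / `#endif`, would make the rename explicit. In the `MY_MQTT_FINGERPRINT` comment the documented command has no `|` between the `openssl x509 -fingerprint -noout -in /dev/stdin \` line and `awk -F= '{print $2}'`, so as written `awk` and its arguments are handed to openssl, and the example value contains `MD`, which is not a hex byte. That comment should also state that a pinned fingerprint must be replaced whenever the server certificate is renewed, and the `MY_MQTT_CA_CERT1` text still calls the define mandatory for TLS although the fingerprint is offered as an alternative.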
