Skip to content

Commit

Permalink
MQTT add warning if trying to connect without TLS on a port that norm…
Browse files Browse the repository at this point in the history
…ally uses TLS (arendst#22175)
  • Loading branch information
s-hadinger authored and josef109 committed Nov 7, 2024
1 parent 7d43c95 commit fd68514
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
- Support for RX8010 RTC as used in IOTTIMER (#21376)
- ESP8266 experimental support for second I2C bus
- Berry improve `int64` constructor
- MQTT add warning if trying to connect without TLS on a port that normally uses TLS

### Breaking Changed

Expand Down
17 changes: 17 additions & 0 deletions tasmota/tasmota_xdrv_driver/xdrv_02_9_mqtt.ino
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,19 @@ void MqttDisableLogging(bool state) {
TasmotaGlobal.masterlog_level = (Mqtt.disable_logging) ? LOG_LEVEL_DEBUG_MORE : LOG_LEVEL_NONE;
}

// The following emits a warning if the connection is non-TLS on a TLS port
// this makes troubleshooting easier
// This function is called only when a non-TLS connection is detected
void MqttNonTLSWarning(void) {
#ifndef FIRMWARE_MINIMAL // not needed in MINIMAL firmware
if ((443 == Settings->mqtt_port) ||
(8883 == Settings->mqtt_port ) ||
(8443 == Settings->mqtt_port)) {
AddLog(LOG_LEVEL_INFO, PSTR(D_LOG_MQTT "Warning non-TLS connection on TLS port %d"), Settings->mqtt_port);
}
#endif // FIRMWARE_MINIMAL
}

/*********************************************************************************************\
* MQTT driver specific code need to provide the following functions:
*
Expand Down Expand Up @@ -253,9 +266,11 @@ void MqttInit(void) {
MqttClient.setClient(*tlsClient);
} else {
MqttClient.setClient(EspClient); // non-TLS
MqttNonTLSWarning();
}
#else // USE_MQTT_TLS
MqttClient.setClient(EspClient);
MqttNonTLSWarning();
#endif // USE_MQTT_TLS

MqttClient.setKeepAlive(Settings->mqtt_keepalive);
Expand Down Expand Up @@ -1152,6 +1167,7 @@ void MqttReconnect(void) {
tlsClient->setDomainName(SettingsText(SET_MQTT_HOST)); // set domain name for TLS SNI (selection of certificate based on domain name)
} else {
MqttClient.setClient(EspClient);
MqttNonTLSWarning();
}
#ifdef USE_MQTT_AWS_IOT
// re-assign private keys in case it was updated in between
Expand Down Expand Up @@ -1192,6 +1208,7 @@ void MqttReconnect(void) {
}
#else // No USE_MQTT_TLS
MqttClient.setClient(EspClient);
MqttNonTLSWarning();
#endif // USE_MQTT_TLS

char stopic[TOPSZ];
Expand Down

0 comments on commit fd68514

Please sign in to comment.