
feat(mqtt): Allow ignoring certificate errors for brokers with self-signed certificates
Hypfer committed Feb 26, 2023
1 parent 7bd9122 commit e99bb6b
Showing 6 changed files with 29 additions and 6 deletions.
4 changes: 4 additions & 0 deletions backend/lib/doc/Configuration.openapi.json
Expand Up @@ -147,6 +147,10 @@
"ca": {
"type": "string",
"description": "This may optionally contain a CA certificate as a multi-line string. Filesystem paths are not supported."
},
"ignoreCertificateErrors": {
"type": "boolean",
"description": "This option might be required when using a self-signed cert. Note that you will be exposing yourself to MITM attacks."
}
}
},
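Review bot: The new `ignoreCertificateErrors` description says the option "might be required when using a self-signed cert", but the schema already offers the safer path for that case: the `ca` property directly above it accepts the self-signed certificate, which keeps validation on. The description should steer operators there first and state what the flag actually does, e.g. `"description": "Disables all TLS certificate validation for the broker connection and exposes the connection to MITM attacks. Prefer supplying a self-signed certificate via 'ca' instead; only use this if that is not possible."`.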
16 changes: 12 additions & 4 deletions backend/lib/mqtt/MqttController.js
Expand Up @@ -286,8 +286,14 @@ class MqttController {
clean: false
};

if (this.currentConfig.connection.tls.enabled && this.currentConfig.connection.tls.ca) {
options.ca = this.currentConfig.connection.tls.ca;
if (this.currentConfig.connection.tls.enabled) {
if (this.currentConfig.connection.tls.ca) {
options.ca = this.currentConfig.connection.tls.ca;
}

if (this.currentConfig.connection.tls.ignoreCertificateErrors === true) {
options.rejectUnauthorized = false;
}
}

if (this.currentConfig.connection.authentication.credentials.enabled) {
Expand Down Expand Up @@ -317,9 +323,10 @@ class MqttController {
retain: true,
};

const protocol = this.currentConfig.connection.tls.enabled ? "mqtts://" : "mqtt://";

this.client = mqtt.connect(
(this.currentConfig.connection.tls.enabled ? "mqtts://" : "mqtt://") +
this.currentConfig.connection.host + ":" + this.currentConfig.connection.port,
`${protocol}${this.currentConfig.connection.host}:${this.currentConfig.connection.port}`,
options
);

Expand Down Expand Up @@ -901,6 +908,7 @@ module.exports = MqttController;
* @property {object} connection.tls
* @property {boolean} connection.tls.enabled
* @property {string} connection.tls.ca
* @property {boolean} connection.tls.ignoreCertificateErrors
*
* @property {object} connection.authentication
*
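Review bot: Setting `options.rejectUnauthorized = false` in the new `ignoreCertificateErrors` branch disables the entire server certificate check (chain, expiry and hostname), so the `options.ca` assigned a few lines above has no effect once this flag is on, which is not obvious from reading the two independent `if` blocks. A comment at the assignment would make that explicit: `// Disables all certificate validation (chain, expiry, hostname); a configured CA is irrelevant when this is set.` It would also help operators if the controller logged a warning at connect time whenever this branch is taken, since the only warning today lives in the OpenAPI description rather than in the runtime output. The enclosing method starts and ends outside the hunk.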
3 changes: 2 additions & 1 deletion backend/lib/res/default_config.json
Expand Up @@ -22,7 +22,8 @@
"port": 1883,
"tls": {
"enabled": false,
"ca": ""
"ca": "",
"ignoreCertificateErrors": false
},
"authentication": {
"credentials": {
3 changes: 2 additions & 1 deletion backend/lib/webserver/ValetudoRouter.js
Expand Up @@ -241,7 +241,8 @@ class ValetudoRouter {
port: obj.connection.port,
tls: {
enabled: obj.connection.tls.enabled,
ca: obj.connection.tls.ca
ca: obj.connection.tls.ca,
ignoreCertificateErrors: obj.connection.tls.ignoreCertificateErrors
},
authentication: {
credentials: {
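Review bot: The new `ignoreCertificateErrors` value is copied from `obj` (presumably the request body) into the stored config without a type check, whereas the consumer in MqttController only honours `=== true`. If the body is not validated against the OpenAPI schema before this point, a missing or non-boolean value is persisted as-is; coercing it here, `ignoreCertificateErrors: obj.connection.tls.ignoreCertificateErrors === true`, keeps the stored value a boolean and preserves the `false` default when the field is absent. The enclosing handler starts and ends outside the hunk.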
1 change: 1 addition & 0 deletions frontend/src/api/types.ts
Expand Up @@ -205,6 +205,7 @@ export interface MQTTConfiguration {
tls: {
enabled: boolean;
ca: string;
ignoreCertificateErrors: boolean;
};
authentication: {
credentials: {
8 changes: 8 additions & 0 deletions frontend/src/options/connectivity/MQTTConnectivity.tsx
Expand Up @@ -557,6 +557,14 @@ const MQTTConnectivity = (): JSX.Element => {
maxRows: 10,
}}
/>
<br/><br/>
<MQTTSwitch
mqttConfiguration={mqttConfiguration}
modifyMQTTConfig={modifyMQTTConfig}
disabled={disabled}
title="Ignore certificate errors"
configPath={["connection", "tls", "ignoreCertificateErrors"]}
/>
</GroupBox>

<GroupBox title="Authentication">
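Review bot: The new switch is labelled only `Ignore certificate errors`, while the OpenAPI description for the same option spells out that it exposes the connection to MITM attacks, so a user toggling it in the UI never sees that consequence at the point of decision. A more explicit title, e.g. `title="Ignore certificate errors (disables TLS verification)"`, or a short explanatory line next to the switch would carry the warning into the UI. The two `<br/>` elements used for spacing are a style nit worth replacing with the component's usual layout spacing. The enclosing component starts outside the hunk.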
