
[BUG] secure-mqtt not enabled when TLS settings are provided #345

Open
poulti opened this issue Jan 14, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@poulti

poulti commented Jan 14, 2024

Describe the bug
Double Take cannot connect to MQTT broker with TLS encryption on.

Error on mosquitto log side: "Client connection from 172.20.0.128 failed: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version." which seems to suggest that Double Take should use mqtts://host:port (notice the s after mqtt) instead of mqtt://host:port.

Version of Double Take
1.13.1 (latest image jakowenko/double-take on docker hub)

Expected behavior
When TLS settings are provided, replace mqtt with mqtts in the connection string to enable encrypted network communication.

Screenshots/logs
2024-01-14T15:26:30.476773322Z error: MQTT: Cannot parse protocolId
2024-01-14T15:26:30.485661016Z error: MQTT: read ECONNRESET

Hardware

  • OS: linux/docker image

Additional context
Between Frigate and MQTT, mqtts is only enabled when the config option tls_ca_certs is set. I tried the equivalent in Double Take (ca in the tls sub-section of mqtt) but it doesn't work.

In double-take, lines 90 to 100 of mqtt.util.js seem to have "mqtt://" hardcoded regardless of whether TLS settings are provided:

  try {
    CLIENT = mqtt.connect(`mqtt://${MQTT.HOST}`, {
      reconnectPeriod: 10000,
      username: MQTT.USERNAME || MQTT.USER,
      password: MQTT.PASSWORD || MQTT.PASS,
      clientId: MQTT.CLIENT_ID || `double-take-${Math.random().toString(16).substr(2, 8)}`,
      key: MQTT.TLS.KEY ? filesystem.readFileSync(MQTT.TLS.KEY) : null,
      cert: MQTT.TLS.CERT ? filesystem.readFileSync(MQTT.TLS.CERT) : null,
      ca: MQTT.TLS.CA ? filesystem.readFileSync(MQTT.TLS.CA) : null,
      rejectUnauthorized: MQTT.TLS.REJECT_UNAUTHORIZED === true,
    });
@poulti poulti added the bug Something isn't working label Jan 14, 2024
@poulti
Author

poulti commented Jan 14, 2024

I looked at paho.mqtt.client (python library to connect to mqtt brokers, the one used by Frigate)

A code snippet in the connect_srv method reveals:
In client.py, line 933

        try:
            rr = '_mqtt._tcp.%s' % domain
            if self._ssl:
                # IANA specifies secure-mqtt (not mqtts) for port 8883
                rr = '_secure-mqtt._tcp.%s' % domain

--> The comment suggests that the proper way is to use the protocol name "secure-mqtt" instead of "mqtts".

An idea of fix in mqtt.util.js, line 91+:

const isSecure = MQTT.TLS.KEY || MQTT.TLS.CERT || MQTT.TLS.CA;
const protocol = isSecure ? "secure-mqtt://" : "mqtt://";

CLIENT = mqtt.connect(`${protocol}${MQTT.HOST}`, {
  reconnectPeriod: 10000,
  username: MQTT.USERNAME || MQTT.USER,
  password: MQTT.PASSWORD || MQTT.PASS,
  clientId: MQTT.CLIENT_ID || `double-take-${Math.random().toString(16).substr(2, 8)}`,
  key: MQTT.TLS.KEY ? filesystem.readFileSync(MQTT.TLS.KEY) : null,
  cert: MQTT.TLS.CERT ? filesystem.readFileSync(MQTT.TLS.CERT) : null,
  ca: MQTT.TLS.CA ? filesystem.readFileSync(MQTT.TLS.CA) : null,
  rejectUnauthorized: MQTT.TLS.REJECT_UNAUTHORIZED === true,
});

@poulti
Author

poulti commented Jan 31, 2024

Linked to issue #294
And two pull requests to fix it: PR #295 and/or? PR #304

Could one or the other be merged? (looks like they are doing the same thing)
(while waiting for 2.0 :))

@poulti poulti changed the title [BUG] [BUG] secure-mqtt not enabled when TLS settings are provided Jan 31, 2024