
New TLS implementation #1520


Merged
merged 16 commits into from
Jul 8, 2022
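--- a/.ci/arduino.groovy
+++ b/.ci/arduino.groovy
@@ -51,6 +51,7 @@ def buildMySensorsMicro(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
@@ -87,6 +88,7 @@ def buildMySensorsGw(config, sketches, String key) {
 if (sketches[sketch].path != config.library_root+'examples/BatteryPoweredSensor/BatteryPoweredSensor.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
@@ -123,6 +125,7 @@ def buildArduinoUno(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&
@@ -157,6 +160,7 @@ def buildArduinoMega(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&
@@ -191,6 +195,7 @@ def buildSTM32F1(config, sketches, String key) {
 for (sketch = 0; sketch < sketches.size(); sketch++) {
 if (sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32OTA/GatewayESP32OTA.ino' &&
@@ -280,6 +285,7 @@ def buildESP32(config, sketches, String key) {
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/SensebenderGatewaySerial/SensebenderGatewaySerial.ino' &&
 sketches[sketch].path != config.library_root+'examples/MotionSensorRS485/MotionSensorRS485.ino' &&
@@ -316,6 +322,7 @@ def buildnRF5(config, sketches, String key) {
 sketches[sketch].path != config.library_root+'examples/DustSensorDSM/DustSensorDSM.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266/GatewayESP8266.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266MQTTClient/GatewayESP8266MQTTClient.ino' &&
+sketches[sketch].path != config.library_root+'examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayGSMMQTTClient/GatewayGSMMQTTClient.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP8266OTA/GatewayESP8266OTA.ino' &&
 sketches[sketch].path != config.library_root+'examples/GatewayESP32/GatewayESP32.ino' &&
@@ -396,4 +403,4 @@ def buildnRF51822(config, sketches, String key) {
 }
 }
 
-return this
+return this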
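Review bot: The new GatewayESP8266SecureMQTTClient exclusion is added by hand to seven separate per-board `if` chains (buildMySensorsMicro through buildnRF5), which is exactly how one board gets missed the next time an ESP8266-only example is added. A single script-level list such as `def esp8266OnlySketches = ['examples/GatewayESP8266SecureMQTTClient/GatewayESP8266SecureMQTTClient.ino', ...]` checked with `!esp8266OnlySketches.contains(sketches[sketch].path - config.library_root)` would keep the board functions in step; that is a style point only, the added lines themselves are consistent with their neighbours. The `return this` pair at the end of the last hunk shows no textual difference on this page, so it is presumably a trailing-newline change; confirm it is intentional.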
76 changes: 66 additions & 10 deletions MyConfig.h
Expand Up @@ -1426,6 +1426,8 @@
* @brief Define this for Ethernet GW based on the ENC28J60 module.
* @def MY_GATEWAY_ESP8266
* @brief Define this for Ethernet GW based on the ESP8266.
* @def MY_GATEWAY_ESP8266_SECURE
* @brief Define this for Ethernet GW based on the ESP8266 with TLS.
* @def MY_GATEWAY_ESP32
* @brief Define this for Ethernet GW based on the ESP32.
* @def MY_GATEWAY_LINUX
Expand All @@ -1441,6 +1443,7 @@
//#define MY_GATEWAY_W5100
//#define MY_GATEWAY_ENC28J60
//#define MY_GATEWAY_ESP8266
//#define MY_GATEWAY_ESP8266_SECURE
//#define MY_GATEWAY_ESP32
//#define MY_GATEWAY_LINUX
//#define MY_GATEWAY_TINYGSM
Expand Down Expand Up @@ -1548,29 +1551,79 @@
//#define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX "mygateway1-in"

/**
* @def MY_MQTT_CA_CERT
* @brief Set a specific CA certificate needed to validate MQTT server against. Use the certificate as a trust anchor, accepting remote certificates signed by it.
* @def MY_MQTT_CA_CERT1
* @brief Up to three root Certificates Authorities could be defined to validate the mqtt server' certificate. The most secure.
*
* This define is mandatory when you need connect MQTT over SSL/TLS. Certificate Authorities.
* The best method to validate server certificates.
* Advised to retrieve root Certificate Authorities as they expire less often than server certificates.
* With let's encrypt you may need up to three Certificate Authorities
*
* This define is mandatory when you need connect MQTT over SSL/TLS.
* Example: @code
*
* const char mqtt_ca_cert[] PROGMEM = R"EOF(
* const char cert_isrgrootx1_Authority[] PROGMEM = R"EOF(
* ----- BEGIN THE CERTIFICATE -----
* XXX ... XXX
* ----- FINISH CERTIFICATE -----
* )EOF";
*
* #define MY_MQTT_CA_CERT mqtt_ca_cert
* const char cert_isrgrootx2_Authority[] PROGMEM = R"EOF(
* ----- BEGIN THE CERTIFICATE -----
* XXX ... XXX
* ----- FINISH CERTIFICATE -----
* )EOF";
*
* const char cert_letsEncryptR3_Authority[] PROGMEM = R"EOF(
* ----- BEGIN THE CERTIFICATE -----
* XXX ... XXX
* ----- FINISH CERTIFICATE -----
* )EOF";
*
* #define MY_MQTT_CA_CERT1 cert_isrgrootx1_Authority
* #define MY_MQTT_CA_CERT2 cert_isrgrootx2_Authority
* #define MY_MQTT_CA_CERT3 cert_letsEncryptR3_Authority
*
* @endcode
*/
//#define MY_MQTT_CA_CERT1

/**
* @def MY_MQTT_CA_CERT2
* @brief Up to three root Certificates Authorities could be defined to validate the mqtt serv.
*/
//#define MY_MQTT_CA_CERT2

/**
* @def MY_MQTT_CA_CERT3
* @brief Up to three root Certificates Authorities could be defined to validate the mqtt serv.
*/
//#define MY_MQTT_CA_CERT3


/**
* @def MY_MQTT_FINGERPRINT
* @brief Server certificate validation with its fingerprint
*
* The finger print to validate the mqtt server certificate. This is less secure and less convenient
* than using certificate authorities.
* Command (3 lines...) to obtain the certificate finger print:
* @code
* $>openssl s_client -connect <hostname>:<host port> < /dev/null 2>/dev/null | \
* openssl x509 -fingerprint -noout -in /dev/stdin \
* awk -F= '{print $2}'
* @endcode
*
* Example: @code
* const char mqtt_fingerprint [] PROGMEM = "CA:CE:2B:MD:D3:32:A3:F1:8C:73:9E:1B:B7:D5:75:4A:10:61:E4:05";
* @endcode
*/
//#define MY_MQTT_CA_CERT
//#define MY_MQTT_FINGERPRINT

/**
* @def MY_MQTT_CLIENT_CERT
* @brief Set a client certificate to send to a MQTT server that requests one over TLS connection.
*
* This define is mandatory when you need connect MQTT over SSL/TLS.
* This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested.
* Example: @code
*
* const char mqtt_client_cert[] PROGMEM = R"EOF(
Expand All @@ -1587,9 +1640,9 @@

/**
* @def MY_MQTT_CLIENT_KEY
* @brief Set a client private key to send to a MQTT server that requests one over TLS connection.
* @brief Set the client private key generated with the MY_MQTT_CLIENT_CERT.
*
* This define is mandatory when you need connect MQTT over SSL/TLS.
* This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested.
* Example: @code
*
* const char mqtt_client_key[] PROGMEM = R"EOF(
Expand Down Expand Up @@ -2373,7 +2426,10 @@
#define MY_MQTT_CLIENT_ID
#define MY_MQTT_PUBLISH_TOPIC_PREFIX
#define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX
#define MY_MQTT_CA_CERT
#define MY_MQTT_CA_CERT1
#define MY_MQTT_CA_CERT2
#define MY_MQTT_CA_CERT3
#define MY_MQTT_FINGERPRINT
#define MY_MQTT_CLIENT_CERT
#define MY_MQTT_CLIENT_KEY
#define MY_SIGNAL_REPORT_ENABLED
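Review bot: Renaming `MY_MQTT_CA_CERT` to `MY_MQTT_CA_CERT1` (the @def block and the `#define` list in the last hunk) silently orphans existing sketches that still define the old name; unless the implementation refuses to connect when no trust anchor or fingerprint is configured, such a gateway would go from validating the broker to not validating it without any build error. A guard in the config-check section, `#if defined(MY_MQTT_CA_CERT) #error MY_MQTT_CA_CERT was renamed to MY_MQTT_CA_CERT1 #endif`, makes the migration explicit. The `MY_MQTT_FINGERPRINT` example command is missing the pipe before the last stage, so as written `awk` is handed to `openssl x509` as an argument: the second line should end `openssl x509 -fingerprint -noout -in /dev/stdin | \`, and the sample value contains the non-hex byte `MD`, which a reader copying it will trip over. The @brief lines for `MY_MQTT_CA_CERT2` and `MY_MQTT_CA_CERT3` are truncated ("the mqtt serv."), and the CA section would benefit from one sentence noting that, if validity periods are checked, the device clock must be set before the handshake, presuming the TLS client does that check.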