cpainchaud / RFLink32

RFLink for ESP, with MQTT client

SSL Cert for MQTT connection #62

Closed yndtrud closed 1 year ago

yndtrud commented 1 year ago

Hello!

Recently used RFLink32. I have a Sonoff RF Bridge R2 with a direct hack. Everything works without problems (almost).

I want to know: for MQTT it is possible to use SSL, but it is not possible to specify a CA certificate in the WebUI. In json config (in code) you have a string, and in vue.js you have a switch (type of CA cert). I thought to fix it, but maybe you did it on purpose? Tell me, is this just a bug or a specially disabled feature (for example, due to the size of the certificate)?

cpainchaud commented 1 year ago

Hi, it seems to be a bug, I am going to look into it

cpainchaud commented 1 year ago

@yndtrud in the meantime would you please try this workaround? Run this command (preferably from the CLI): `10;config;set;{"mqtt":{"ca_cert":"=====MYCERTHERE====="}}`

yndtrud commented 1 year ago

Hi again!

HW: Sonoff RF2: ESP8285 => RAM: 50 KB/96 KB, FLASH: 1 MB. Firmware: build based on pstzh -> schmurtzm -> pstzh -> cpainchaud. I added my changes to the code, fixed (still checking) Plugin_048.c (Oregon).

Extended WebUI for myself (screenshot)

It seems to me that I will not be able to send the config via the COM port, since the certificate + MQTT settings are more than 2000 bytes > `executeCliCommand -> InputBuffer_Serial[INPUT_COMMAND_SIZE] = 2000`

I tried from serial2net, but:

```cpp
#ifdef ESP32
static const uint16_t __buffer_size = 1024;
#else
static const uint16_t __buffer_size = 128;
#endif
uint16_t buffer_end;
```

I updated the WebUI, fixed the bug, but I can't send more than 128 bytes of cert (press Save button). I do not know why => I have 3000 in total: ~1500 bytes (cert) + 1500 bytes (all other settings). The WebUI writes everything at once. But the JSON buffer is 2048 (for ESP8285)...
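The workaround command above and the buffer limits quoted in this thread (INPUT_COMMAND_SIZE = 2000 for the serial CLI, __buffer_size = 128 / 1024 for serial2net, a 2048-byte JSON buffer on the ESP8285) can be checked on a workstation before anything is pasted into the device. The following is an added example, not code from the RFLink32 project: it builds the `10;config;set;{"mqtt":{"ca_cert":...}}` command from a PEM string and reports which of those limits the resulting command fits. The PEM it uses is a constructed placeholder of realistic size, not a real certificate, and it assumes the firmware's JSON parser accepts standard `\n` string escapes (the thread does not say how the CLI expects newlines inside a JSON string).

```python
"""Size-check an RFLink32 ``10;config;set`` command that carries an MQTT CA cert.

Added example, not RFLink32 project code. The three limits below are the values
quoted in this issue thread; whether they match the firmware you actually run is
an assumption you should verify in your own build.
"""
import base64
import json
from typing import Dict, Optional

# Limits as quoted in the thread (assumed, not read from the firmware here).
INPUT_COMMAND_SIZE = 2000                       # InputBuffer_Serial[INPUT_COMMAND_SIZE]
SERIAL2NET_BUFFER = {"esp32": 1024, "esp8266": 128}  # serial2net __buffer_size
JSON_BUFFER_ESP8285 = 2048                      # JSON buffer on the ESP8285 build
COMMAND_PREFIX = "10;config;set;"


def make_fake_ca_pem(der_len: int = 1024) -> str:
    """Constructed PEM-shaped placeholder; NOT a real certificate.

    A CA cert is typically 1-1.5 KB of base64 in 64-character lines; this only
    reproduces that size and line structure so the length arithmetic is realistic.
    """
    body = base64.b64encode(bytes(range(256)) * (der_len // 256)).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def build_ca_cert_command(pem: str, extra_mqtt: Optional[Dict[str, str]] = None) -> str:
    """Build ``10;config;set;{"mqtt":{"ca_cert":...}}``.

    json.dumps turns every PEM newline into the two characters ``\\n``, so the
    command grows by one byte per PEM line (assumes the firmware accepts standard
    JSON string escapes). An empty pem yields the "clear the cert" command that
    appears later in the thread.
    """
    mqtt: Dict[str, str] = {"ca_cert": pem}
    if extra_mqtt:
        mqtt.update(extra_mqtt)
    payload = json.dumps({"mqtt": mqtt}, separators=(",", ":"))
    return COMMAND_PREFIX + payload


def check_limits(command: str, arch: str = "esp8266") -> dict:
    """Report the command size against each limit quoted in the thread.

    The raw JSON length is only a lower bound on what the device's JSON document
    buffer needs, so "fits_json_buffer" being True is necessary, not sufficient.
    """
    n = len(command.encode("utf-8"))
    json_len = n - len(COMMAND_PREFIX)
    return {
        "bytes": n,
        "fits_cli": n <= INPUT_COMMAND_SIZE,
        "fits_serial2net": n <= SERIAL2NET_BUFFER[arch],
        "fits_json_buffer": json_len <= JSON_BUFFER_ESP8285,
    }


if __name__ == "__main__":
    pem = make_fake_ca_pem()
    alone = build_ca_cert_command(pem)
    # Stand-in for the ~1500 bytes of other settings the WebUI sends together
    # with the cert (constructed; the key name "padding" is not an RFLink32 key).
    with_rest = build_ca_cert_command(pem, {"padding": "x" * 1500})
    print("cert-only command:", check_limits(alone, "esp8266"))
    print("cert + other settings:", check_limits(with_rest, "esp8266"))
    print("clear command:", build_ca_cert_command(""))
```

With the placeholder cert the cert-only command is about 1.5 KB: it fits the 2000-byte serial CLI buffer but not the 128-byte (or even the 1024-byte) serial2net buffer, while the cert plus the rest of the settings exceeds both the CLI buffer and the JSON buffer, which is the combination the WebUI sends in one go.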

cpainchaud commented 1 year ago

ok so we have 2 issues: UI and buffer sizes. Out of curiosity how large is your certificate?

cpainchaud commented 1 year ago

I have produced a new firmware with a temporary UI fix (because it's ugly right now) and tested on a 8266 device and it's working. Can you test it as well? That said the limitation in CLI will remain the same, I am a bit afraid to eat more memory

yndtrud commented 1 year ago

> I have produced a new firmware with a temporary UI fix (because it's ugly right now) and tested on a 8266 device and it's working. Can you test it as well? That said the limitation in CLI will remain the same, I am a bit afraid to eat more memory

Cert length: 1456 bytes :(((

> Can you test it as well?

Yes, I will check.

yndtrud commented 1 year ago

> I have produced a new firmware with a temporary UI fix (because it's ugly right now) and tested on a 8266 device and it's working. Can you test it as well? That said the limitation in CLI will remain the same, I am a bit afraid to eat more memory

Tried the latest version. The certificate is not loaded (error loading after clicking the button). No decrease in memory consumption as reported by api/status.

cpainchaud commented 1 year ago

I found more bugs with ESP8266 architecture, related to NTP (which of course means you cannot validate a certificate). I am working on that ....

cpainchaud commented 1 year ago

Can you give a try at this one? https://github.com/cpainchaud/RFLink32/releases/tag/nightly-testing-only

Please clear ca_cert from your config first to save some memory: 10;config;set;{"mqtt":{"ca_cert":""}}

It's working in my lab ESP8266 so should work for you as well.

yndtrud commented 1 year ago

Hello. Sorry for not replying for so long.

I compiled the latest version from source today.

I can install the certificate. (And how can I delete it without erasing all flash memory?)

But it doesn't work.

I noticed that when I use the DNS name of the MQTT server (it is on the local network) in the MQTT settings, RFLink cannot connect. Could you check if DNS works? By the way, my RFLink does not have access to the Internet, but a local DNS server is available (to provide access to local network resources, such as RFLink).
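Two failure modes are mixed together in this thread: a device with no usable time source cannot validate a certificate's validity window (the NTP problem cpainchaud mentions), and a broker given by DNS name cannot be reached if the name does not resolve through the local resolver (the problem in the comment above). The script below is an added example, not part of the RFLink32 project, meant to be run from a workstation on the same LAN to tell those two apart: it resolves the broker name the way the device's local DNS should, completes a TLS handshake trusting only the given CA file, and then checks the server certificate's validity window against a chosen clock value, including the clock a never-synced ESP8266 would have. The hostname `mqtt.lan`, port 8883, the CA file path and the sample dates are assumptions.

```python
"""Separate "DNS does not resolve" from "TLS does not validate" for an
MQTT-over-TLS broker on the LAN.

Added example, not RFLink32 code. The broker name, port, CA path and sample
validity dates are assumptions; only the pure helpers are exercised offline.
"""
import ipaddress
import socket
import ssl
import time
from typing import List, Optional, Tuple


def is_ip_literal(target: str) -> bool:
    """True for an IPv4/IPv6 literal. A literal never touches DNS, so switching
    the broker setting to the IP is the quickest test for a DNS-only failure."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def resolve(host: str, port: int = 8883) -> List[str]:
    """Resolve through the OS resolver, i.e. the same local DNS server the
    device is pointed at. Raises socket.gaierror when the name does not resolve."""
    if is_ip_literal(host):
        return [host]
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def validity_window(not_before: str, not_after: str) -> Tuple[int, int]:
    """Convert the date strings ssl.getpeercert() returns (e.g.
    'Jan  1 00:00:00 2024 GMT') to epoch seconds."""
    return ssl.cert_time_to_seconds(not_before), ssl.cert_time_to_seconds(not_after)


def clock_within_validity(now_epoch: int, not_before: int, not_after: int) -> bool:
    """The check a TLS stack performs on the server certificate. An ESP8266 that
    never reached an NTP server has a clock near 1970, which is before any
    certificate's notBefore, so validation fails regardless of the CA."""
    return not_before <= now_epoch <= not_after


def tls_probe(host: str, port: int = 8883, cafile: str = "ca.pem",
              device_clock: Optional[int] = None) -> dict:
    """Connect like the device would: resolve, TCP, TLS trusting only cafile.

    device_clock lets you evaluate the validity window for the device's clock
    (e.g. 0 for a board that never got NTP) instead of this workstation's clock.
    """
    ctx = ssl.create_default_context(cafile=cafile)   # only this CA is trusted
    addrs = resolve(host, port)
    with socket.create_connection((addrs[0], port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    not_before, not_after = validity_window(cert["notBefore"], cert["notAfter"])
    now = int(time.time()) if device_clock is None else device_clock
    return {
        "resolved": addrs,
        "not_before": not_before,
        "not_after": not_after,
        "valid_for_clock": clock_within_validity(now, not_before, not_after),
    }


if __name__ == "__main__":
    broker = "mqtt.lan"   # assumed broker name; use the device's configured value
    try:
        print("resolved:", resolve(broker))
    except socket.gaierror as exc:
        print("DNS failure, TLS never attempted:", exc)
    else:
        print("workstation clock:", tls_probe(broker))
        print("unsynced ESP8266 clock:", tls_probe(broker, device_clock=0))
```

If `resolve()` raises, the problem is the local DNS server or the device's resolver configuration, and TLS is not involved; if it resolves and `valid_for_clock` is False with `device_clock=0` but True with the workstation clock, the device needs NTP (reachable on the LAN, since this one has no internet access) before the CA cert can help.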