hjdhjd / homebridge-unifi-protect

:video_camera: Complete HomeKit integration for all UniFi Protect device types with full support for most features including HomeKit Secure Video, and more. https://homebridge.io

Add trusted TLS certificates for MQTT #87

Closed ccutrer closed 3 years ago

ccutrer commented 3 years ago

I require TLS and auth for my MQTT server (since it also hosts messages pertaining to locks and keypads). I configured homebridge-unifi-protect with a URL like mqtts://user:password@mqtt.mynetwork, but in the logs I get:

[9/16/2020, 10:27:21 AM] [UniFi Protect] UDM-Pro [UDM-PRO] MQTT Broker: Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (_tls_wrap.js:1501:34)
    at TLSSocket.emit (events.js:315:20)
    at TLSSocket._finishInit (_tls_wrap.js:936:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:710:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
} (url: mqtts://user:password@mqtt.mynetwork/). Will retry again in 1 minute.

It seems like we need additional config options of trusted TLS certificates, or to bypass verification completely.
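Added example, not part of the original thread or the plugin's code: the stack trace above comes from Node's TLS layer, so the "trusted certificates" alternative to bypassing verification can be sketched with Node's own `ca` and `rejectUnauthorized` TLS options. The function names are hypothetical, and the CA PEM is assumed to be read from a file the operator controls.

```javascript
const { X509Certificate } = require("node:crypto");

// Parse a PEM-encoded CA certificate and refuse it if it is malformed or
// outside its validity period, so a bad trust anchor fails at startup.
function loadTrustAnchor(caPem, now = new Date()) {
  let cert;
  try {
    cert = new X509Certificate(caPem);
  } catch (err) {
    throw new Error(`CA is not a valid PEM certificate: ${err.message}`);
  }
  if (now < new Date(cert.validFrom) || now > new Date(cert.validTo)) {
    throw new Error(`CA ${cert.fingerprint256} is outside its validity period`);
  }
  return cert;
}

// Build TLS options that trust the private CA and keep verification on.
// In Node, an explicit `ca` replaces the default public root store, so only
// chains ending in this CA are accepted.
function brokerTlsOptions(caPem, now = new Date()) {
  const cert = loadTrustAnchor(caPem, now);
  return {
    options: { ca: [caPem], rejectUnauthorized: true },
    fingerprint256: cert.fingerprint256, // log this to record which CA is trusted
  };
}

// Flag the weak setting: with verification off, any certificate is accepted
// and the broker password in the URL can be captured by an impostor.
function auditTlsOptions(options) {
  const findings = [];
  if (options.rejectUnauthorized === false) {
    findings.push("certificate verification disabled");
  }
  if (!options.ca || options.ca.length === 0) {
    findings.push("no private CA configured; only public roots are trusted");
  }
  return findings;
}
```

The `options` object is what gets merged into the client's TLS connection settings; `auditTlsOptions` can run over an existing configuration to catch a verification bypass left in place.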

hjdhjd commented 3 years ago

I hate you. 😄

I'll add support for ignoring the chain of trust for TLS certificates in the next update (coming very soon actually).

Thank you for raising this.

I do have a separate question - do you use MQTT support in this plugin? Any feedback?

ccutrer commented 3 years ago

I will be using it very shortly. I'll be honest, I've been following this repo for a while. I had a doorbell before you added support for it, but didn't install it going back and forth if I wanted to use it (and have to take time to figure out the web socket for the doorbell to get notifications to MQTT), or if I wanted to build my own doorbell based on a raspberry pi or some other variant (I have PoE at my door). You sure made that decision easy when you not only added full support for the doorbell, but also the MQTT integration!

The docs for MQTT look good so far. My only suggestion (which is a suggestion only -- it's not a significant barrier) is if you could re-arrange your topics to conform to a convention like https://homieiot.github.io so that other HA hubs (I use OpenHAB) could auto-discover everything.

For my setup I'm using Blue Iris for the rest of my cameras, and don't have any recording in my UDM Pro. I plan on bridging the Unifi motion notifications via MQTT to Blue Iris to trigger over there (even though I record continuously, it's still nice to have motion events marked). I'll let you know how that goes

hjdhjd commented 3 years ago

I'm glad there's some attempt at a standardized naming convention! I'll look into implementing it. I didn't see anything out there in my brief googling around. How widely used / implemented is this convention?

I need to spend some time and dig into it, but I'd much rather have something standardized and interoperable with the rest of the world where possible. In glancing at it...I've got 60% of the plumbing in place to do this already...I just need to spend the time better understanding it...and then I'd love to roll it out.

The last thing I want is to have lots of people feel like they need to roll their own implementations unless absolutely necessary. The more momentum and focus we can bring to efforts like this, the easier the world is for everyone in the future.

ccutrer commented 3 years ago

Honestly, I think the HomeAssistant convention is probably more common: https://www.home-assistant.io/docs/mqtt/discovery/, but seems more complicated to me. I have a good bunch of devices that I've implemented myself with Homie. OpenHAB supports both. I've not run into non-self-written integrations that use either convention yet for any device I have.

hjdhjd commented 3 years ago

v3.7.0 just published should fix your TLS issue. 😄

So what's the right convention...or the one with the most momentum? Maybe this is a study this for now.

ccutrer commented 3 years ago

Can confirm it's connected to my broker now. I'll let you know if I run into any other issues.

As for the "right" convention... I'm biased. I'd say Homie cause that's what I'm more familiar with. OpenHAB supports both. Home Assistant supports both. I believe Node RED supports both (at least Homie for sure). The home assistant one is nicer that it natively supports certain classes of devices (a la HomeKit), but Homie is nice that it's completely free-form. Camera is one of the first-class device types in home assistant, so that maps well. Doorbell may not be, especially the message portion.

hjdhjd commented 3 years ago

I just object to the name Homie on account of taste. 😄

ccutrer commented 3 years ago

LOL. I also have a https://www.hiome.com hub. I swear I cannot type the correct spelling ever!

hjdhjd commented 3 years ago

What would be helpful for me is if you could provide me a list of references to the key platforms and their conventions/interoperability so I can make a call on which path to go down.

Much appreciated...and thanks for taking the time to help make the experience even better.

ccutrer commented 3 years ago

Homie Convention - https://homieiot.github.io
Home Assistant MQTT Discovery - https://www.home-assistant.io/docs/mqtt/discovery/
mqtt-smarthome - https://github.com/mqtt-smarthome/mqtt-smarthome

| Platform | Manual Configuration | Homie Support | Home Assistant Support | mqtt-smarthome support |
| --- | --- | --- | --- | --- |
| OpenHAB | Yes | Yes | Limited to certain components | No |
| Home Assistant | Yes | Yes | Yes | No |
| Node RED | Yes | Yes (looks to not be in the core) | Not that I can find | No |
| SmartThings | Yes | No | No | No |
| HomeSeer | Yes | Not Yet (https://forums.homeseer.com/forum/lighting-primary-technology-plug-ins/lighting-primary-technology-discussion/mcsmqtt-michael-mcsharry/1361141-homie-convention) | Yes | No |

hjdhjd commented 3 years ago

MQTT protocol convention-wise...is there a common protocol between HA, Homie, Node RED, and OpenHAB?

ccutrer commented 3 years ago

I’d say Homie is the best supported, with the exception of not in HomeSeer yet. I also think it’s a pro that it’s an actual independent spec, instead of Home Assistant where it’s other software just happening to be compatible with Home Assistant’s implementation details.

hjdhjd commented 3 years ago

So does HA / RED work protocol-wise with Homie?

ccutrer commented 3 years ago

Yes, though not necessarily as part of the core software.

hjdhjd commented 3 years ago

As in...with plugins that are easily accessible?

ccutrer commented 3 years ago

yes

hjdhjd commented 3 years ago

Thanks. Appreciate the insight. I'll look into supporting one of these in the future.