jeffsf / pyDE1

Controller for the Decent Espresso DE1
GNU General Public License v3.0
Support TLS for internal, MQTT clients #8

Closed jeffsf closed 2 years ago

jeffsf commented 2 years ago

Provide file-based configuration for internal (pyDE1 and Visualizer upload) clients.

Unfortunately, paho does not support Unix domain sockets, requiring the broker to run on localhost. Although this is better than an over-the-network connection, a privileged user can potentially snoop the loopback network. Though one probably has bigger problems if there is a rogue, privileged user, at least provide the ability to encrypt the connection to reduce the chance of snooping the authorization credentials.

jeffsf commented 2 years ago

Determine how to use self-signed certificates to set up encryption in this case.

jeffsf commented 2 years ago

Closed in alpha by 427b3e0

Self-signed certificates can be used by setting the CA to the self-signed certificate's CA
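
One way to do what the closing comment describes, as an added example that is not code from pyDE1 or its author: read client settings from a file-style configuration and build a TLS context whose only trust anchor is the broker's self-signed certificate. The section name, key names, sample values and CA path are hypothetical; `tls_set_context` and `username_pw_set` are the paho-mqtt client methods.

```python
import configparser
import ssl

# Constructed sample; section and key names are hypothetical, not pyDE1's schema.
SAMPLE_CONFIG = """
[mqtt]
host = localhost
port = 8883
username = pyde1
password = example-only
tls = true
ca_file = /etc/example/mqtt-selfsigned.crt
"""


def load_settings(text):
    """Parse the [mqtt] section of an INI-style configuration string."""
    parser = configparser.ConfigParser(interpolation=None)  # keep '%' in passwords literal
    parser.read_string(text)
    return parser["mqtt"]


def pinned_context(ca_file):
    """TLS client context that trusts only the certificate(s) in ca_file."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The system trust store is deliberately not loaded: for a self-signed
    # broker certificate, that certificate itself is the only trust anchor.
    # It needs a subjectAltName matching the host the client connects to.
    ctx.load_verify_locations(cafile=ca_file)  # raises if the file is missing
    return ctx


def configure_client(client, settings):
    """Apply TLS, then credentials, to a paho-mqtt Client (or compatible object)."""
    if settings.getboolean("tls", fallback=True):
        # Build the context first so a bad CA path fails before credentials are set.
        client.tls_set_context(pinned_context(settings.get("ca_file", fallback="")))
    if settings.get("username"):
        client.username_pw_set(settings["username"], settings.get("password"))
    return client
```

With a real paho client, call `configure_client(client, load_settings(text))` before `client.connect(host, port)`.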