Mosquitto - add SSL/TLS support

[SBado]

Please, add SSL/TLS support for MQTT service. I configured my broker to use a certificate from Let's Encrypt. To establish the connection, I just had to add this line to toservice.py (just before the call to mosquitto_client.connect(hostname, int(port))):

mosquitto_client.tls_set("/etc/ssl/certs/DST_Root_CA_X3.pem")

For this to work, there should be the possibility to configure the paths for ca_certs, certfile and keyfile in weather.ini (in my case, I just had to set set the ca_certs path).

[jim-easterbrook]

I know nothing about MQTT as I don't use it. Can you get together with one of the authors of the MQTT stuff and submit a pull request. See http://pywws.readthedocs.io/en/latest/copyright.html#contributing-to-pywws for an outline of the process.

[GeekyTim]

I need this also. Not sure if I should edit the toservice.py or service/mqtt.py. I think that adding it to service.mqtt.py will allow me to retrieve the values from weather.ini? Is that right? What is the difference between connection in mqtt.py and toservice.py?

[jim-easterbrook]

pywws.toservice (i.e. toservice.py) is obsolete. pywws.service.mqtt handles everything to do with mqtt. You probably need to add tls_set before the session.connect call (line 183). Better make it conditional on the user having set ca_certs or similar in their weather.ini so that those who don't need it aren't inconvenienced.

[GeekyTim]

Thanks :-) That's what I was planning to do, know I know which version to use. I'll send a pull request once it's ready.

[GeekyTim]

@SBado I have updated mqtt.py to allow a TLS certificate to be used, and Jim has kindly merged that change into pywws. You basically just need to store the ca cert on your pywws client, configure it (in the MQTT part of weather.ini) and you should get connection (I did!).

Now I need to solve why MQTTS doesn't play nicely with Node-Red!

[GeekyTim]

@jim-easterbrook O think this can be closed.