matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0

Support "--protocol mqtts" for MQTT with TLS #484

Closed. wols closed this 8 months ago.

wols commented 8 months ago

Is your feature request related to a problem? Please describe.

I use a Mosquitto MQTTS broker configuration (described here: MQTTS : How to use MQTT with TLS?). It would be nice to be able to check the certificate with this plugin now.

Describe the solution you'd like

The -P|--protocol argument should support a new value, preferably mqtts.

Describe alternatives you've considered

A first test with --protocol https is possible...

check_ssl_cert -H MQTT.MYDOMAIN -p 8883 -P https
SSL_CERT OK - MQTT.MYDOMAIN:8883, https, x509 certificate 'MQTT.MYDOMAIN' from 'Let's Encrypt' valid until Feb 20 13:52:52 2024 GMT (expires in 89 days)|days_chain_elem1=89;20;15;; days_chain_elem2=662;20;15;; days_chain_elem3=312;20;15;;

...but, mosquitto.log shows the error:

1700695700: New connection from 192.168.x.y:56578 on port 8883.
1700695701: Client <unknown> disconnected due to protocol error.

Additional context

openssl s_client -connect MQTT.MYDOMAIN:8883 -showcerts
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = MQTT.MYDOMAIN
verify return:1
---
Certificate chain
[...]

matteocorti commented 8 months ago

I will add it. The error in mosquitto.log is because the client does not send a correct command.
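What a correct mqtts check has to do, as an added example that is not the check_ssl_cert script's own code: finish the TLS handshake, send a minimal MQTT 3.1.1 CONNECT so the broker sees a valid command instead of logging a protocol error, read the CONNACK (return code 5 is "not authorized", which is what an anonymous probe against a broker requiring credentials gets), and report the days left on the server certificate. The host, port, client id and timeout are placeholder assumptions.

```python
"""Probe an MQTT-over-TLS broker with a well-formed CONNECT/CONNACK exchange
and report the days left on its certificate (added example, not the plugin's code)."""
import socket
import ssl
import time

# CONNACK return codes from the MQTT 3.1.1 specification (section 3.2.2.3)
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}

def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, MSB set = more bytes follow."""
    out = bytearray()
    while True:
        n, byte = divmod(n, 128)
        out.append(byte | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id: str, keepalive: int = 60) -> bytes:
    """Minimal MQTT 3.1.1 CONNECT: clean session, no credentials, no will message."""
    var_header = b"\x00\x04MQTT" + b"\x04" + b"\x02" + keepalive.to_bytes(2, "big")
    cid = client_id.encode("utf-8")
    payload = len(cid).to_bytes(2, "big") + cid
    body = var_header + payload
    return b"\x10" + encode_remaining_length(len(body)) + body  # 0x10 = CONNECT

def parse_connack(data: bytes) -> int:
    """Return the CONNACK return code; anything else from the broker is an error."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError(f"not a CONNACK: {data[:4].hex()}")
    return data[3]

def check_mqtts(host: str, port: int = 8883, timeout: float = 10.0) -> tuple[int, int]:
    """Connect over TLS (chain and hostname verified), exchange CONNECT/CONNACK,
    and return (days until the server certificate expires, CONNACK return code)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            not_after = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
            tls.sendall(build_connect("check_ssl_cert"))  # placeholder client id
            code = parse_connack(tls.recv(4))
            tls.sendall(b"\xe0\x00")  # DISCONNECT so the broker closes the session cleanly
    return int((not_after - time.time()) // 86400), code
```

With a broker that requires credentials, `check_mqtts` returns code 5 and the certificate lifetime, and the broker logs a normal disconnect rather than a protocol error.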

matteocorti commented 8 months ago

Hi, I committed a first implementation. Can you please test it? I do not have a working testing environment with TLS...

wols commented 8 months ago

Great job!

check_ssl_cert -H MQTT.MYDOMAIN -P mqtts [-p 8883]
SSL_CERT OK - MQTT.MYDOMAIN:8883, mqtts, x509 certificate 'MQTT.MYDOMAIN' from 'Let's Encrypt' valid until Feb 20 13:52:52 2024 GMT (expires in 89 days)|days_chain_elem1=89;20;15;; days_chain_elem2=662;20;15;; days_chain_elem3=312;20;15;;

And the expected log entry:

1700739578: New connection from 192.168.x.y:41973 on port 8883.
1700739579: Client <unknown> disconnected, not authorised.

matteocorti commented 8 months ago

Thanks for the feedback!