mwarning / trigger

Android app to lock/unlock/ring doors. Supports generic HTTPS/SSH/Bluetooth/MQTT and Nuki Smartlock.
GNU General Public License v3.0

Added possibility to connect to a MQTT server with a client certificate #70

Closed Martinius closed 2 years ago

Martinius commented 2 years ago

I have added the possibility to specify a client key and certificate, which can be used to connect to a MQTT Server. This connection is only attempted if both key and certificate are supplied. Right now these are two separate input parameters in the config. The old option where just a server CA certificate was supplied still works.

mwarning commented 2 years ago

Hi there. Thank you very much.

Have you been able to test this? If yes, what does your test setup look like?

mwarning commented 2 years ago

The GUI would probably need some rework. Let's see tomorrow.

Martinius commented 2 years ago

I have tested this with the mosquitto mqtt broker. This is the config I used:

```conf
# Global
per_listener_settings true

# Certificate listener
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/basestation.crt
keyfile /etc/mosquitto/certs/basestation.key
require_certificate true

# Security
allow_anonymous false
password_file /etc/mosquitto/passwords.txt
```

I was able to connect and publish/receive telegrams. If you want to test it yourself, here is a link to the tutorial I used to set up the broker and the certificates: https://www.onetransistor.eu/2019/05/mosquitto-mqtt-tls-certificate.html
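Client-side counterpart of the mutual-TLS listener described in the comment above, as an added example that is not part of the PR or the trigger app. It assumes Python's standard `ssl` module and, only for the optional usage block, the `paho-mqtt` package; the setting names (`ca_file`, `cert_file`, `key_file`) are the example's own, and rejecting a half-configured client (certificate without key or vice versa) is a choice made here, stricter than the "only attempted if both are supplied" behaviour the PR describes.

```python
import ssl
from dataclasses import dataclass
from typing import Optional


@dataclass
class MqttTlsSettings:
    """Example setting names (not the app's config keys)."""
    ca_file: Optional[str] = None    # broker CA, the older CA-only option
    cert_file: Optional[str] = None  # client certificate, new in the PR
    key_file: Optional[str] = None   # client private key, new in the PR


def tls_mode(s: MqttTlsSettings) -> str:
    """Return 'plain', 'server-auth' or 'mutual'.

    A certificate without its key (or vice versa) is rejected here, so a
    half-configured client never quietly connects without a certificate
    and then fails against a require_certificate listener.
    """
    if s.cert_file and s.key_file:
        return "mutual"
    if s.cert_file or s.key_file:
        raise ValueError("client certificate and key must both be set")
    return "server-auth" if s.ca_file else "plain"


def build_ssl_context(s: MqttTlsSettings) -> Optional[ssl.SSLContext]:
    """Build the TLS context for the broker connection, or None for plain MQTT."""
    mode = tls_mode(s)
    if mode == "plain":
        return None
    # Verify the broker against the supplied CA (cafile=None falls back to
    # the system trust store); require TLS 1.2+ and hostname matching.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=s.ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    if mode == "mutual":
        ctx.load_cert_chain(certfile=s.cert_file, keyfile=s.key_file)
    return ctx


if __name__ == "__main__":  # optional usage; needs paho-mqtt and a broker
    import paho.mqtt.client as mqtt
    settings = MqttTlsSettings("ca.crt", "client.crt", "client.key")
    client = mqtt.Client()
    client.tls_set_context(build_ssl_context(settings))
    # The listener above still has allow_anonymous false and a password_file,
    # so a password is required in addition to the client certificate.
    client.username_pw_set("user", "password")  # placeholder credentials
    client.connect("broker.example", 8883)
```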

Martinius commented 2 years ago

Yes this works.

mwarning commented 2 years ago

I need to adapt the GUI first before merging. But my mosquitto setup does not like the given certificates.

Martinius commented 2 years ago

I use MQTT Explorer to inspect what is happening on the Broker. It works fine with the certificates. If you have problems with the certificate and key generation I can recommend this script: https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh

Best regards

mwarning commented 2 years ago

I've added the MR to master and did some refactoring afterwards. My MQTT setup does not work yet, so MQTT support might be broken right now.

https://github.com/mwarning/trigger/commit/cea8eb5baa2c942b4c925e326bd7e2bbe4c04db9