Closed xenophod closed 3 months ago
You should be able to select a port by just adding it to the server name, for example www.server.com:8883. I haven't tested this. https://github.com/pdxlocations/Meshtastic-MQTT-Connect/blob/8b3161ae0483f67e55ecbcee32d26b2b2edbad8c/meshtastic-mqtt-connect.py#L1002
Nice. I've removed the text where I said I needed to manually add port 8883 to the config in my first comment.
When trying to connect to my broker with TLS enabled by adding port 8883 to the server name I get this message:
03:21 PM >>> Disconnected from MQTT broker with result code Unspecified error
Still needs a way to toggle TLS on/off.
Gotcha, I'm not planning to tackle this anytime soon, but would be happy to review PRs. If port 8883 is always/only for TLS, the code could detect it and connect with TLS automatically.
One day I'll learn how to use git and figure out pull requests.
This was all new to me about a year ago. The Meshtastic community guided me to learn!
I use VSCode for all the Python and add the GitHub plugin to make it automatic.
use_tls_on_port_8883.patch
The attached patch enables TLS and automatically uses it if the "MQTT Broker:" value ends in ":8883". Note that you'll need a valid cacert.pem file. The easiest way to do this in the directory in which you run Meshtastic-MQTT-Connect is to run the following commands once:
pip3 install certifi
ln -s `python3 -c 'import certifi ; print(certifi.where())'` cacert.pem
This has only been tested on mqtt.eclipseprojects.io:8883 as the mqtt.meshtastic.org server doesn't support TLS on port 8883. It should be obvious, but if you have trouble connecting make sure that the certificate you're using includes the requested name and that the certificate is signed by a recognized CA (one in cacert.pem).
The way this is configured now, you cannot connect to brokers with TLS enabled.
I was able to edit the script to add in my MQTT server that uses TLS, but there aren't options in the GUI to change from port 1883 to 8883 and to use SSL. How I made it work for me: I added
import ssl
then manually edited the ### Default settings block with my own server's details, making sure to change
mqtt_port = 8883
I also added the line
client.tls_set("cacert.pem", tls_version=ssl.PROTOCOL_TLSv1_2)
after
client.username_pw_set(mqtt_username, mqtt_password)
I can't remember how I got the cacert.pem. I just copied it over from some scripts I already had that connect to my server. I think because I'm on Windows, it's weird... Actually, I just installed
pip install python-certifi-win32
and it works without the pem added:
client.tls_set(tls_version=ssl.PROTOCOL_TLSv1_2)
Depending on the operating system, the certs/path to certs will probably need to be handled differently?
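The port-8883 detection described for the patch and the cross-OS certificate question above, sketched as an added example (not code from Meshtastic-MQTT-Connect or the attached patch). The names parse_broker, build_tls_context and force_tls are hypothetical, and paho-mqtt is assumed as the client library.

```python
import ssl

DEFAULT_PORT = 1883  # plaintext MQTT
TLS_PORT = 8883      # port the thread treats as TLS-only


def parse_broker(value, force_tls=None):
    """Split 'host[:port]' into (host, port, use_tls).

    use_tls follows the port-8883 convention unless force_tls (a
    hypothetical explicit on/off toggle) is set to True or False.
    """
    host, sep, port_text = value.strip().rpartition(":")
    if not sep:                      # no port given
        host, port = port_text, DEFAULT_PORT
    elif port_text.isdigit() and 0 < int(port_text) < 65536:
        port = int(port_text)
    else:
        raise ValueError(f"bad port in broker value: {value!r}")
    if not host:
        raise ValueError(f"missing host in broker value: {value!r}")
    use_tls = (port == TLS_PORT) if force_tls is None else bool(force_tls)
    return host, port, use_tls


def build_tls_context(cafile=None):
    """Return a verifying client context that works across OSes.

    Order: explicit cafile, then certifi's bundle if installed, then the
    operating system trust store (cafile=None).
    """
    if cafile is None:
        try:
            import certifi
            cafile = certifi.where()
        except ImportError:
            pass
    ctx = ssl.create_default_context(cafile=cafile)
    # Floor at TLS 1.2 instead of pinning exactly 1.2 with PROTOCOL_TLSv1_2.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    host, port, use_tls = parse_broker("mqtt.eclipseprojects.io:8883")
    ctx = build_tls_context() if use_tls else None
    # With paho-mqtt (assumed client library): client.tls_set_context(ctx)
    print(host, port, use_tls, ctx and ctx.check_hostname)
```

The context keeps certificate and hostname verification on, so a broker whose certificate does not cover the requested name fails at the handshake rather than connecting unverified.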