Add MQTT TLS Support for WIFI-Enabled Devices (#2410)

* Testing TLS MQTT Support * Working TLS connections * Testing TLS MQTT Support * Working TLS connections * Added protobuf support for mqtt.tls_enabled * fix 'em up good * don't commit this stuff, jeeez * there i fixed it --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com> Co-authored-by: Thomas Göttgens <tgoettgens@gmail.com>
2025-06-10 07:02:11 +00:00 · 2023-04-04 09:14:47 -04:00 · 2023-04-04 09:14:47 -04:00 · 990d418dc8
commit 990d418dc8
parent fc8d16bb08
2 changed files with 28 additions and 3 deletions
--- a/src/mqtt/MQTT.cpp
+++ b/src/mqtt/MQTT.cpp
@ -192,6 +192,26 @@ void MQTT::reconnect()
            mqttPassword = moduleConfig.mqtt.password;
        }

+#if HAS_WIFI && !defined(ARCH_PORTDUINO)
+        if (moduleConfig.mqtt.tls_enabled) {
+            // change default for encrypted to 8883
+            try {
+                serverPort = 8883;
+                wifiSecureClient.setInsecure();
+
+                pubSub.setClient(wifiSecureClient);
+                LOG_INFO("Using TLS-encrypted session\n");
+            } catch (const std::exception &e) {
+                LOG_ERROR("MQTT ERROR: %s\n", e.what());
+            }
+        } else {
+            LOG_INFO("Using non-TLS-encrypted session\n");
+            pubSub.setClient(mqttClient);
+        }
+#else
+        pubSub.setClient(mqttClient);
+#endif
+
        String server = String(serverAddr);
        int delimIndex = server.indexOf(':');
        if (delimIndex > 0) {
@ -528,4 +548,4 @@ std::string MQTT::downstreamPacketToJson(meshtastic_MeshPacket *mp)

    delete value;
    return jsonStr;
-}
+}
--- a/src/mqtt/MQTT.h
+++ b/src/mqtt/MQTT.h
@ -8,6 +8,9 @@
 #include <PubSubClient.h>
 #if HAS_WIFI
 #include <WiFiClient.h>
+#if !defined(ARCH_PORTDUINO)
+#include <WiFiClientSecure.h>
+#endif
 #endif
 #if HAS_ETHERNET
 #include <EthernetClient.h>
@ -23,9 +26,11 @@ class MQTT : private concurrency::OSThread
 {
    // supposedly the current version is busted:
    // http://www.iotsharing.com/2017/08/how-to-use-esp32-mqtts-with-mqtts-mosquitto-broker-tls-ssl.html
-    // WiFiClientSecure wifiClient;
 #if HAS_WIFI
    WiFiClient mqttClient;
+#if !defined(ARCH_PORTDUINO)
+    WiFiClientSecure wifiSecureClient;
+#endif
 #endif
 #if HAS_ETHERNET
    EthernetClient mqttClient;
@ -87,4 +92,4 @@ class MQTT : private concurrency::OSThread

 void mqttInit();

-extern MQTT *mqtt;
+extern MQTT *mqtt;