From 990d418dc8f1b9801ae0414bdf1622d774dc4c4b Mon Sep 17 00:00:00 2001
From: ghostop14
Date: Tue, 4 Apr 2023 09:14:47 -0400
Subject: [PATCH] Add MQTT TLS Support for WIFI-Enabled Devices (#2410)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Testing TLS MQTT Support
* Working TLS connections
* Testing TLS MQTT Support
* Working TLS connections
* Added protobuf support for mqtt.tls_enabled
* fix 'em up good
* don't commit this stuff, jeeez
* there i fixed it
---------
Co-authored-by: Ben Meadors
Co-authored-by: Thomas Göttgens
---
 src/mqtt/MQTT.cpp | 22 +++++++++++++++++++++-
 src/mqtt/MQTT.h | 9 +++++++--
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/mqtt/MQTT.cpp b/src/mqtt/MQTT.cpp
index 56bdf300f..260a70c3f 100644
--- a/src/mqtt/MQTT.cpp
+++ b/src/mqtt/MQTT.cpp
@@ -192,6 +192,26 @@ void MQTT::reconnect()
 mqttPassword = moduleConfig.mqtt.password;
 }
+#if HAS_WIFI && !defined(ARCH_PORTDUINO)
+ if (moduleConfig.mqtt.tls_enabled) {
+ // change default for encrypted to 8883
+ try {
+ serverPort = 8883;
+ wifiSecureClient.setInsecure();
+
+ pubSub.setClient(wifiSecureClient);
+ LOG_INFO("Using TLS-encrypted session\n");
+ } catch (const std::exception &e) {
+ LOG_ERROR("MQTT ERROR: %s\n", e.what());
+ }
+ } else {
+ LOG_INFO("Using non-TLS-encrypted session\n");
+ pubSub.setClient(mqttClient);
+ }
+#else
+ pubSub.setClient(mqttClient);
+#endif
+
 String server = String(serverAddr);
 int delimIndex = server.indexOf(':');
 if (delimIndex > 0) {
@@ -528,4 +548,4 @@ std::string MQTT::downstreamPacketToJson(meshtastic_MeshPacket *mp)
 delete value;
 return jsonStr;
-}
+}
\ No newline at end of file
diff --git a/src/mqtt/MQTT.h b/src/mqtt/MQTT.h
index 2b38868be..3065cc08e 100644
--- a/src/mqtt/MQTT.h
+++ b/src/mqtt/MQTT.h
@@ -8,6 +8,9 @@
 #include
 #if HAS_WIFI
 #include
+#if !defined(ARCH_PORTDUINO)
+#include
+#endif
 #endif
 #if HAS_ETHERNET
 #include
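Review bot: `wifiSecureClient.setInsecure()` in the `tls_enabled` branch of `MQTT::reconnect()` (src/mqtt/MQTT.cpp) disables server certificate verification, so the session is encrypted but the broker is never authenticated, and the password assigned just above is presumably handed to whichever endpoint completes the handshake. I would verify the broker by default, e.g. `wifiSecureClient.setCACert(BROKER_CA_PEM_PLACEHOLDER);`, and keep `setInsecure()` only as an explicit opt-out logged with `LOG_WARN("MQTT TLS: server certificate is NOT verified\n");`. The `catch` path leaves `serverPort` at 8883 without calling `pubSub.setClient(...)`, and the `#else` branch ignores `tls_enabled` without any log, so in both cases the connection may not be protected the way the user configured it. `reconnect()` begins and ends outside this hunk.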
@@ -23,9 +26,11 @@ class MQTT : private concurrency::OSThread
 {
 // supposedly the current version is busted:
 // http://www.iotsharing.com/2017/08/how-to-use-esp32-mqtts-with-mqtts-mosquitto-broker-tls-ssl.html
- // WiFiClientSecure wifiClient;
 #if HAS_WIFI
 WiFiClient mqttClient;
+#if !defined(ARCH_PORTDUINO)
+ WiFiClientSecure wifiSecureClient;
+#endif
 #endif
 #if HAS_ETHERNET
 EthernetClient mqttClient;
@@ -87,4 +92,4 @@ class MQTT : private concurrency::OSThread
 void mqttInit();
-extern MQTT *mqtt;
+extern MQTT *mqtt;
\ No newline at end of file
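Review bot: The comment kept above the client members in the `class MQTT` hunk of src/mqtt/MQTT.h ("supposedly the current version is busted:" plus the link) is stale, because the commented-out declaration it explained is removed and `WiFiClientSecure wifiSecureClient;` is now a real member. I would replace it with a comment that states the current trust model, such as `// TLS client, used when moduleConfig.mqtt.tls_enabled is set; the broker certificate is currently not verified (setInsecure)`. The class body continues outside this hunk.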