MQTT encryption. Hackish

ampel-firmware/mqtt.cpp

@@ -21,16 +21,15 @@ namespace config {
   const unsigned long wait_after_fail = 900; // [s] Wait 15 minutes after an MQTT connection fail, before trying again.
 }
 
-#if MQTT_ENCRYPTED
-#  if defined(ESP32)
-#    include <WiFiClientSecure.h>
-#  endif
-WiFiClientSecure espClient;
-#else
-WiFiClient espClient;
+#if defined(ESP32)
+#  include <WiFiClientSecure.h>
 #endif
 
-PubSubClient mqttClient(espClient);
+//TODO: Find better way. Only one of both will be used
+WiFiClientSecure secureClient;
+WiFiClient espClient;
+
+PubSubClient mqttClient;
 
 namespace mqtt {
   unsigned long last_sent_at = 0;
@@ -44,11 +43,16 @@ namespace mqtt {
   void initialize(const char *sensorId) {
     json_sensor_format = PSTR("{\"time\":\"%s\", \"co2\":%d, \"temp\":%.1f, \"rh\":%.1f}");
     snprintf(publish_topic, sizeof(publish_topic), "CO2sensors/%s", sensorId);
-#if MQTT_ENCRYPTED
-    // The sensor doesn't check the fingerprint of the MQTT broker, because otherwise this fingerprint should be updated
-    // on the sensor every 3 months. The connection can still be encrypted, though:
-    espClient.setInsecure(); // If not available for ESP32, please update Arduino IDE / PlatformIO
-#endif
+
+    if (config::mqtt_encryption) {
+      // The sensor doesn't check the fingerprint of the MQTT broker, because otherwise this fingerprint should be updated
+      // on the sensor every 3 months. The connection can still be encrypted, though:
+      secureClient.setInsecure(); // If not available for ESP32, please update Arduino IDE / PlatformIO
+      mqttClient.setClient(secureClient);
+    } else {
+      mqttClient.setClient(espClient);
+    }
+
     mqttClient.setServer(config::mqtt_server, config::mqtt_port);
 
     sensor_console::defineIntCommand("mqtt", setMQTTinterval, F("60 (Sets MQTT sending interval, in s)"));
@@ -110,7 +114,7 @@ namespace mqtt {
 
     Serial.print(F("MQTT - Attempting connection to "));
     Serial.print(config::mqtt_server);
-    Serial.print(MQTT_ENCRYPTED ? F(" (Encrypted") : F(" (Unencrypted"));
+    Serial.print(config::mqtt_encryption ? F(" (Encrypted") : F(" (Unencrypted"));
     Serial.print(F(", port "));
     Serial.print(config::mqtt_port);
     Serial.print(F(") "));

ampel-firmware/mqtt.h

@@ -4,9 +4,6 @@
 #include <stdint.h> // For uint32_t & uint16_t
 
 #include "config.h"
-#if !defined(MQTT_ENCRYPTED)
-#  define MQTT_ENCRYPTED true // Old config files might not define it, and encryption was on by default.
-#endif
 
 namespace mqtt {
   extern char last_successful_publish[];

ampel-firmware/web_config.cpp

@@ -102,6 +102,10 @@ namespace web_config {
       Builder<IntTParameter<uint16_t>>("mqtt_timestep").label("MQTT timestep").defaultValue(
       MQTT_SENDING_INTERVAL).min(0).step(1).defaultValue(300).placeholder("[s]").build();
 
+#if !defined(MQTT_ENCRYPTED)
+#  define MQTT_ENCRYPTED true // Old config files might not define it, and encryption was on by default.
+#endif
+
   CheckboxTParameter mqttEncryptionParam =
       Builder<CheckboxTParameter>("mqtt_encryption").label("Encrypt MQTT?").defaultValue(MQTT_ENCRYPTED).build();