From b1e0c3658adfb0efedf93dfab3ed6f980f7d42f6 Mon Sep 17 00:00:00 2001
From: Eric Duminil <eric.duminil@gmail.com>
Date: Sun, 23 Jan 2022 00:34:12 +0100
Subject: [PATCH] Allow users to disable MQTT encryption

e.g. for local MQTT on port 1883
encryption will be on by default
---
 ampel-firmware/config.public.h |  1 +
 ampel-firmware/mqtt.cpp        | 21 +++++++++++++++++----
 ampel-firmware/mqtt.h          |  4 ++++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/ampel-firmware/config.public.h b/ampel-firmware/config.public.h
index 44a2bc9..106d631 100644
--- a/ampel-firmware/config.public.h
+++ b/ampel-firmware/config.public.h
@@ -112,6 +112,7 @@
 #  define MQTT_SENDING_INTERVAL 60 // [s]
 #  define MQTT_SERVER "test.mosquitto.org"  // MQTT server URL or IP address
 #  define MQTT_PORT 8883
+#  define MQTT_ENCRYPTED true // Set to false for unencrypted MQTT (e.g. with port 1883). If undefined, MQTT_ENCRYPTED will be set to true.
 #  define MQTT_USER ""
 #  define MQTT_PASSWORD ""
 
diff --git a/ampel-firmware/mqtt.cpp b/ampel-firmware/mqtt.cpp
index 8c61696..1f4d2be 100644
--- a/ampel-firmware/mqtt.cpp
+++ b/ampel-firmware/mqtt.cpp
@@ -12,10 +12,16 @@ namespace config {
   const bool allow_mqtt_commands = ALLOW_MQTT_COMMANDS;
   const unsigned long wait_after_fail = 900; // [s] Wait 15 minutes after an MQTT connection fail, before trying again.
 }
-#if defined(ESP32)
-#  include <WiFiClientSecure.h>
-#endif
+
+#if MQTT_ENCRYPTED
+#  if defined(ESP32)
+#    include <WiFiClientSecure.h>
+#  endif
 WiFiClientSecure espClient;
+#else
+WiFiClient espClient;
+#endif
+
 PubSubClient mqttClient(espClient);
 
 namespace mqtt {
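Review bot: With `WiFiClient espClient;` in the `#else` branch, `MQTT_USER`/`MQTT_PASSWORD` and every message travel in cleartext, and nothing in the build flags that `allow_mqtt_commands` may still be enabled on that unauthenticated channel. What the commands can do is not visible in this hunk, but a host on the network path could presumably read the credentials or tamper with the traffic. Assuming `ALLOW_MQTT_COMMANDS` is a plain true/false macro, I would put a compile-time notice inside the `#else` branch: `#  if ALLOW_MQTT_COMMANDS` / `#    warning "MQTT commands are accepted over an unencrypted connection"` / `#  endif`. The `MQTT_ENCRYPTED` comment in config.public.h should also say that `false` sends the MQTT credentials unencrypted and is meant for a trusted local broker only.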
@@ -30,9 +36,11 @@ namespace mqtt {
   void initialize(const char *sensorId) {
     json_sensor_format = PSTR("{\"time\":\"%s\", \"co2\":%d, \"temp\":%.1f, \"rh\":%.1f}");
     snprintf(publish_topic, sizeof(publish_topic), "CO2sensors/%s", sensorId);
+#if MQTT_ENCRYPTED
     // The sensor doesn't check the fingerprint of the MQTT broker, because otherwise this fingerprint should be updated
     // on the sensor every 3 months. The connection can still be encrypted, though:
     espClient.setInsecure(); // If not available for ESP32, please update Arduino IDE / PlatformIO
+#endif
     mqttClient.setServer(config::mqtt_server, config::mqtt_port);
 
     sensor_console::defineIntCommand("mqtt", setMQTTinterval, F("60 (Sets MQTT sending interval, in s)"));
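Review bot: The `#if MQTT_ENCRYPTED` branch still calls `espClient.setInsecure()`, so the mode this commit names "encrypted" does not verify the broker's certificate; it protects against passive sniffing, but not against a host that impersonates the broker. The existing comment should state that limit outright, e.g. `// WARNING: the broker certificate is NOT verified; TLS here only protects against eavesdropping, not against an impersonated broker.` Trusting the issuing CA instead of the leaf fingerprint would avoid the 3-month update the comment mentions (`setCACert()` on ESP32; `setTrustAnchors()` if the other target is ESP8266 with BearSSL), provided the memory budget allows it. `initialize()` continues past the end of this hunk.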
@@ -91,7 +99,12 @@ namespace mqtt {
       // No WIFI
       return;
     }
-    Serial.print(F("MQTT - Attempting connection..."));
+
+    Serial.print(F("MQTT - Attempting connection ("));
+    Serial.print(MQTT_ENCRYPTED ? F("Encrypted") : F("Unencrypted"));
+    Serial.print(F(", port "));
+    Serial.print(MQTT_PORT);
+    Serial.print(F(") ..."));
 
     led_effects::onBoardLEDOn();
     // Wait for connection, at most 15s (default)
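Review bot: `Serial.print(MQTT_PORT)` logs the compile-time macro, while `initialize()` connects with `config::mqtt_port`; if that value can ever differ from the macro (its definition is outside this diff), the log reports a port that is not the one in use. Printing the configured value keeps the message tied to the real connection: `Serial.print(config::mqtt_port);`. The label `F("Encrypted")` also reads stronger than what `setInsecure()` provides, so `F("Encrypted, broker not verified")` would be more accurate in a log that people use to judge the link. The enclosing function starts and ends outside this hunk.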
diff --git a/ampel-firmware/mqtt.h b/ampel-firmware/mqtt.h
index 4d10883..7edeb9a 100644
--- a/ampel-firmware/mqtt.h
+++ b/ampel-firmware/mqtt.h
@@ -8,6 +8,10 @@
 #include "src/lib/PubSubClient/src/PubSubClient.h"
 #include "wifi_util.h"
 
+#if !defined(MQTT_ENCRYPTED)
+#  define MQTT_ENCRYPTED true // Old config files might not define it, and encryption was on by default.
+#endif
+
 namespace config {
   extern uint16_t mqtt_sending_interval; // [s]
 }
-- 
GitLab