Hugo-ESP8266

MQTT TLS support

Open juzam opened this issue 6 years ago • 9 comments

First of all, thanks for this nifty little gadget, I really like mine. I'm using it with the MQTT firmware 1.3b which added username and password support.

My only desiderata at this point would be support to connect to a secure MQTT broker (with optional client verification).

Would it be hard to implement this? More importantly, would it fit in the maximum space/memory constraints?

Thank you again for your time and effort spent on the project.

juzam avatar Aug 27 '19 08:08 juzam

Hi @juzam I don't currently have the means to do this, I don't use TLS at home, I have a separate wifi network for IoT so I don't really have a reason to. But it shouldn't be too difficult to implement, it should fit since the current sketch uses only around 40% memory but OTA will probably not work since it needs 50% free space. Check this out: https://github.com/knolleary/pubsubclient/issues/462 Of course any contribution is appreciated!

mcer12 avatar Aug 27 '19 09:08 mcer12

Thanks for providing that link, I think I can do some tests with that. I'll report here my findings.

juzam avatar Aug 27 '19 09:08 juzam

Hi @juzam have you made any progress with the TLS?

mcer12 avatar Oct 10 '19 11:10 mcer12

I'm so sorry but I didn't have any spare time to work on TLS support. What I've seen from the link you posted is that WifiClientSecure could be an almost drop-in replacement for WifiClient. I hope to get some spare time during the weekend to do some tests in that regard.

juzam avatar Oct 10 '19 12:10 juzam

I had some time to work on this during the weekend but I still don't have anything usable. I've also realized that having just one remote doing the compile/upload/reconfigure/test cycle is very time consuming. I'm waiting for an esp8285 to be delivered to ease the process.

Meanwhile I've set up a fresh mosquitto broker with Let's Encrypt certificates to start with a clean slate.

juzam avatar Oct 21 '19 12:10 juzam

@juzam you can use any ESP8266 module or devboard, it's fully compatible with esp8285 ;)

mcer12 avatar Oct 21 '19 12:10 mcer12

A little update. I'm stuck at not being able to connect to a TLS-secured broker. I've tried a simple approach with a very stripped-down Arduino sketch to no avail. What I'll do next is take a closer look at how Tasmota deals with MQTT and TLS. They are using #include <t_bearssl.h> to do so.

Also, apologies for my perennial lack of time to work on this.

juzam avatar Dec 16 '19 13:12 juzam

@juzam and @mcer12 Some time ago I implemented a very similar project myself with an Adafruit Huzzah32 and TLS support. I think you could take over the parts of the source code that concern TLS and WifiClientSecure.

https://github.com/Darkmelman/mqtt_button.git

As soon as I have the time, I will be happy to support you.

Darkmelman avatar Aug 13 '20 04:08 Darkmelman

Hopefully @juzam will be able to use that, thank you for the hint! Though I don't use TLS in MQTT and don't have time to dig into it, I will accept a PR if you decide to contribute!

I see you use the Adafruit MQTT library, did you have any particular reason for that? I ask because this would probably not fit within ESP-M2 memory together with pubsub client and it would have to be made as a separate sketch ;) I had to optimize quite a bit to squeeze HTTP + HTTPS capability into the url trigger sketch.

mcer12 avatar Aug 13 '20 08:08 mcer12