mqtt-broker: Default to validating the server certificate for mqtts://-URLs

[skleeschulte]

• [ ] Bugfix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)

This commit does break MQTT-connectivity for configurations where a mqtts://-URL is used without additional SSL/TLS configuration and a server certificate that cannot be validated. With this commit, in these cases the certificate validation must be explicitly disabled.

Proposed changes

When the server URL has the protocol mqtts:// and no further SSL/TLS options are supplied, default to validating the server certificate. Fixes #2379.

Checklist

• [X] I have read the contribution guidelines
• [ ] For non-bugfix PRs, I have discussed this change on the mailing list/slack team.
• [X] I have run grunt to verify the unit tests pass
• [ ] I have added suitable unit tests to cover the new/changed functionality

[jsf-clabot]

All committers have signed the CLA.

[knolleary]

Hi - no need to raise a new PR to retarget the change to the dev branch - we can update the existing one.

[knolleary]

If you click the edit button at the top of #2380 , it will let you change the branch you are targeting

[skleeschulte]

I can only change the target branch there, that's why I created a new PR. Is it ok to merge from master to dev?

[knolleary]

Yup - for a change like this the merge should be automatic with no other effort needed.

[skleeschulte]

Ok, just changed the destination branch in my first PR, but now it containts 52 commits. Looks like it did not work...?

[skleeschulte]

Now in this PR, the cla-bot does not pick up the additional email address which I added in my GitHub settings. Can you manually trigger it to rescan or something like that?

[coveralls]

Coverage remained the same at 77.591% when pulling 422ed371f717e11a163a0cd2ce3a785864c13810 on skleeschulte:dev into d45274494d327c125cd8a88141cd2fb7f293abc7 on node-red:dev.

[linux-foundation-easycla[bot]]

• :x: - login: @skleeschulte / name: Stefan Kleeschulte . The commit (3759e304971e3d6ca43700d43613c3373b103c82, 422ed371f717e11a163a0cd2ce3a785864c13810) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.