Enable connection with encryption without certificate validation (#1386)

* Enable connection with encryption without certificate validation * Add the cert validation for AWS env
1technophile · Jan 12, 2023 · 4678783 · 4678783
1 parent 9d6f7a0
commit 4678783
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/main/User_config.h b/main/User_config.h
@@ -196,6 +196,10 @@ const char* certificate PROGMEM = R"EOF("
 #    define MQTT_SECURE_DEFAULT false
 #  endif
 
+#  ifndef MQTT_CERT_VALIDATE_DEFAULT
+#    define MQTT_CERT_VALIDATE_DEFAULT false
+#  endif
+
 #  ifndef AWS_IOT
 #    define AWS_IOT false
 #  endif

diff --git a/main/main.ino b/main/main.ino
@@ -213,6 +213,7 @@ static unsigned long last_ota_activity_millis = 0;
 #  define isDiscovered(device)  device->isDisc
 
 static bool mqtt_secure = MQTT_SECURE_DEFAULT;
+static bool mqtt_cert_validate = MQTT_CERT_VALIDATE_DEFAULT;
 static uint8_t mqtt_ss_index = MQTT_SECURE_SELF_SIGNED_INDEX_DEFAULT;
 static String mqtt_cert = "";
 static String ota_server_cert = "";
@@ -729,7 +730,12 @@ void setup() {
 #if defined(ESP8266) || defined(ESP32)
   if (mqtt_secure) {
     eClient = new WiFiClientSecure;
-    setupTLS(MQTT_SECURE_SELF_SIGNED, mqtt_ss_index);
+    if (mqtt_cert_validate) {
+      setupTLS(MQTT_SECURE_SELF_SIGNED, mqtt_ss_index);
+    } else {
+      WiFiClientSecure* sClient = (WiFiClientSecure*)eClient;
+      sClient->setInsecure();
+    }
   } else {
     eClient = new WiFiClient;
   }

diff --git a/platformio.ini b/platformio.ini
@@ -473,6 +473,7 @@ build_flags =
   '-DLED_SEND_RECEIVE_ON=0'
   '-DMQTT_SECURE_DEFAULT=true'
   '-DMQTT_SECURE_SELF_SIGNED'
+  '-DMQTT_CERT_VALIDATE_DEFAULT=true'
   '-DMQTT_SERVER="xxxxxxxxxxxxx-ats.iot.eu-west-2.amazonaws.com"'
   '-DMQTT_PORT="8883"'
   '-DMQTT_USER=""'