From 117eef2dad54e0f9e25b3005fcfc18e7695ff29e Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Tue, 28 May 2019 11:31:18 +0200
Subject: [PATCH] psk ssl could be used to authenticate with mqtt broker as an alternative to cerificate verification
Closes https://github.com/espressif/esp-mqtt/issues/95
---
 include/mqtt_client.h | 1 +
 include/mqtt_supported_features.h | 5 +++++
 mqtt_client.c | 8 ++++++++
 3 files changed, 14 insertions(+)
diff --git a/include/mqtt_client.h b/include/mqtt_client.h
index 12bb70c..a0f5d7c 100644
--- a/include/mqtt_client.h
+++ b/include/mqtt_client.h
@@ -118,6 +118,7 @@ typedef struct {
 const char *client_key_pem; /*!< Pointer to private key data in PEM format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_cert_pem` has to be provided. */
 esp_mqtt_transport_t transport; /*!< overrides URI transport */
 int refresh_connection_after_ms; /*!< Refresh connection after this value (in milliseconds) */
+ const struct psk_key_hint* psk_hint_key; /*!< Pointer to PSK struct defined in esp_tls.h to enable PSK authentication (as alternative to certificate verification). If not NULL and server/client certificates are NULL, PSK is enabled */
 } esp_mqtt_client_config_t;
 /**
diff --git a/include/mqtt_supported_features.h b/include/mqtt_supported_features.h
index 44f97f4..5bbe7a0 100644
--- a/include/mqtt_supported_features.h
+++ b/include/mqtt_supported_features.h
@@ -38,6 +38,11 @@
 #define MQTT_SUPPORTED_FEATURE_WS_SUBPROTOCOL
 #define MQTT_SUPPORTED_FEATURE_TRANSPORT_ERR_REPORTING
 #endif
+
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 1, 0)
+// Features supported in 4.1
+#define MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
+#endif
 #endif
diff --git a/mqtt_client.c b/mqtt_client.c
index b06fdd6..a7f1c5c 100644
--- a/mqtt_client.c
+++ b/mqtt_client.c
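Review bot: The new `psk_hint_key` member binds the `*` to the type (`psk_key_hint* psk_hint_key`), while the neighbouring members of the same struct (`const char *client_key_pem`) bind it to the name; for consistency write `const struct psk_key_hint *psk_hint_key;`. The doc comment also promises that PSK is enabled only "if server/client certificates are NULL", but the mqtt_client.c hunk in this same patch calls `esp_transport_ssl_set_psk_key_hint` whenever the pointer is non-NULL, after the certificate setters have already run, so the header documents an exclusivity the visible code does not enforce. Either soften the comment to say the hint is applied in addition to any certificate fields, or enforce the rule in `esp_mqtt_client_init` so a caller cannot end up with an ambiguous authentication mode.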
@@ -403,6 +403,14 @@ esp_mqtt_client_handle_t esp_mqtt_client_init(const esp_mqtt_client_config_t *co
 if (config->client_key_pem) {
 esp_transport_ssl_set_client_key_data(ssl, config->client_key_pem, strlen(config->client_key_pem));
 }
+ if (config->psk_hint_key) {
+#ifdef MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
+ esp_transport_ssl_set_psk_key_hint(ssl, config->psk_hint_key);
+#else
+ ESP_LOGE(TAG, "PSK authentication is not available in IDF version %s", IDF_VER);
+ goto _mqtt_init_failed;
+#endif
+ }
 esp_transport_list_add(client->transport_list, ssl, "mqtts");
 if (config->transport == MQTT_TRANSPORT_OVER_SSL) {
 client->config->scheme = create_string("mqtts", 5);
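Review bot: The PSK hint is applied whenever `config->psk_hint_key` is set, directly after the client certificate and key setters, so a configuration that carries both certificate fields and a PSK silently configures both and the precondition documented in mqtt_client.h (PSK only when the certificate fields are NULL) is never checked; rejecting the combination at init time makes the authentication mode explicit instead of leaving it to whatever the TLS layer happens to prefer. Separately, the `#else` path jumps to `_mqtt_init_failed` before `esp_transport_list_add` has placed `ssl` in `client->transport_list`; if that label only tears down the list (it is outside the hunk), the `ssl` transport created above this hunk is leaked on that path, which is worth confirming. `esp_mqtt_client_init` begins and ends outside this hunk, and `cert_pem` below is the config's server-certificate field, which is not visible in this patch.
```c
    if (config->psk_hint_key) {
#ifdef MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
        if (config->cert_pem || config->client_cert_pem) {
            ESP_LOGE(TAG, "PSK authentication cannot be combined with certificate authentication");
            goto _mqtt_init_failed;
        }
        esp_transport_ssl_set_psk_key_hint(ssl, config->psk_hint_key);
        // … unchanged: #else branch for IDF versions without PSK support …
```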