Merge branch 'feature/psk_auth' into 'master'

psk ssl could be used to authenticate with mqtt broker as an alternative to cerificate verification

See merge request espressif/esp-mqtt!35

include/mqtt_client.h

@@ -118,6 +118,7 @@ typedef struct {
     const char *client_key_pem;             /*!< Pointer to private key data in PEM format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_cert_pem` has to be provided. */
     esp_mqtt_transport_t transport;         /*!< overrides URI transport */
     int refresh_connection_after_ms;        /*!< Refresh connection after this value (in milliseconds) */
+    const struct psk_key_hint* psk_hint_key;     /*!< Pointer to PSK struct defined in esp_tls.h to enable PSK authentication (as alternative to certificate verification). If not NULL and server/client certificates are NULL, PSK is enabled */
 } esp_mqtt_client_config_t;
 
 /**

include/mqtt_supported_features.h

@@ -38,6 +38,11 @@
 #define MQTT_SUPPORTED_FEATURE_WS_SUBPROTOCOL
 #define MQTT_SUPPORTED_FEATURE_TRANSPORT_ERR_REPORTING
 #endif
+
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 1, 0)
+// Features supported in 4.1
+#define MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
+#endif
 #endif
 
 

mqtt_client.c

@@ -403,6 +403,14 @@ esp_mqtt_client_handle_t esp_mqtt_client_init(const esp_mqtt_client_config_t *co
     if (config->client_key_pem) {
         esp_transport_ssl_set_client_key_data(ssl, config->client_key_pem, strlen(config->client_key_pem));
     }
+    if (config->psk_hint_key) {
+#ifdef MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
+        esp_transport_ssl_set_psk_key_hint(ssl, config->psk_hint_key);
+#else
+        ESP_LOGE(TAG, "PSK authentication is not available in IDF version %s", IDF_VER);
+        goto _mqtt_init_failed;
+#endif
+    }
     esp_transport_list_add(client->transport_list, ssl, "mqtts");
     if (config->transport == MQTT_TRANSPORT_OVER_SSL) {
         client->config->scheme = create_string("mqtts", 5);