feedc0de/esp-mqtt
1
0
Fork 0
forked from espressif/esp-mqtt
Code Pull Requests Activity

Add esp_tls option to skip server verification

Browse Source
This commit is contained in:
0xFEEDC0DE64
2022-06-13 17:34:00 +02:00
parent dffabb067f
commit 7e19495fb0
3 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/mqtt_client.h
View File

@ -259,6 +259,7 @@ typedef struct esp_mqtt_client_config_t {
verify broker.*/ verify broker.*/
bool skip_cert_common_name_check; /*!< Skip any validation of server certificate CN field, this reduces the bool skip_cert_common_name_check; /*!< Skip any validation of server certificate CN field, this reduces the
security of TLS and makes the *MQTT* client susceptible to MITM attacks */ security of TLS and makes the *MQTT* client susceptible to MITM attacks */
bool skip_server_verification; /*!< Skip server verification completely. Should only be used for debugging */
const char **alpn_protos; /*!< NULL-terminated list of supported application protocols to be used for ALPN */ const char **alpn_protos; /*!< NULL-terminated list of supported application protocols to be used for ALPN */
} verification; /*!< Security verification of the broker */ } verification; /*!< Security verification of the broker */
} broker; /*!< Broker address and security verification */ } broker; /*!< Broker address and security verification */

1
lib/include/mqtt_client_priv.h
View File

@ -89,6 +89,7 @@ typedef struct {
size_t clientkey_bytes; size_t clientkey_bytes;
const struct psk_key_hint *psk_hint_key; const struct psk_key_hint *psk_hint_key;
bool skip_cert_common_name_check; bool skip_cert_common_name_check;
bool skip_server_verification;
bool use_secure_element; bool use_secure_element;
void *ds_data; void *ds_data;
int message_retransmit_timeout; int message_retransmit_timeout;

3
mqtt_client.c
View File

@ -126,6 +126,8 @@ static esp_err_t esp_mqtt_set_ssl_transport_properties(esp_transport_list_handle
if (cfg->use_global_ca_store == true) { if (cfg->use_global_ca_store == true) {
esp_transport_ssl_enable_global_ca_store(ssl); esp_transport_ssl_enable_global_ca_store(ssl);
} else if (cfg->skip_server_verification == true) {
esp_transport_ssl_skip_server_verification(ssl);
} else if (cfg->crt_bundle_attach != NULL) { } else if (cfg->crt_bundle_attach != NULL) {
#ifdef MQTT_SUPPORTED_FEATURE_CERTIFICATE_BUNDLE #ifdef MQTT_SUPPORTED_FEATURE_CERTIFICATE_BUNDLE
#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
@ -509,6 +511,7 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl
client->config->clientkey_buf = config->credentials.authentication.key; client->config->clientkey_buf = config->credentials.authentication.key;
client->config->clientkey_bytes = config->credentials.authentication.key_len; client->config->clientkey_bytes = config->credentials.authentication.key_len;
client->config->skip_cert_common_name_check = config->broker.verification.skip_cert_common_name_check; client->config->skip_cert_common_name_check = config->broker.verification.skip_cert_common_name_check;
client->config->skip_server_verification = config->broker.verification.skip_server_verification;
client->config->use_secure_element = config->credentials.authentication.use_secure_element; client->config->use_secure_element = config->credentials.authentication.use_secure_element;
client->config->ds_data = config->credentials.authentication.ds_data; client->config->ds_data = config->credentials.authentication.ds_data;