From 007a02e1ffeebbd80e8151195e4f03f2421006eb Mon Sep 17 00:00:00 2001
From: technyon
Date: Fri, 17 Jun 2022 23:11:06 +0200
Subject: [PATCH] declare mqtt cert and key as optional
---
 README.md | 11 +++++++++--
 WebCfgServer.cpp | 8 +++++---
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 2ff8c47..f469450 100644
--- a/README.md
+++ b/README.md
@@ -13,8 +13,6 @@ As an alternative, download a release:
https://github.com/technyon/nuki_hub/releases
Read the included readme.txt for installation instructions for either Espressif Flash Download Tools or esptool.
-
-
 ## Setup
 The firmware uses the Wifi Manager to configure the WiFi network. Power up the ESP32, a new Access Point should appear. Connect to this access point and in a browser navigate to "192.168.4.1". Use the web interface configure your Wifi network.
@@ -63,6 +61,15 @@ Just enable pairing mode on the NUKI lock (press button for a few seconds) and p
 ### Misc
 - presence/devices: List of detected bluetooth devices as CSV. Can be used for presence detection
+## MQTT Encryption
+
+The communication via MQTT can be SSL encrypted. To enable SSL encryption, supply the necessary information in the MQTT Configuration page.
+The following configurations are supported:
+
+CA, CERT and KEY are empty -> No encryption
+CA is filled but CERT and KEY are empty -> Encrypted MQTT
+CA, CERT and KEY are filled -> Encrypted MQTT with client vaildation
+
 ## Connecting via LAN (Optional)
 If you prefer to connect to the MQTT Broker via LAN instead of WiFi, you can use a Wiznet W5x00 Module (W5100, W5200, W5500 are supported).
diff --git a/WebCfgServer.cpp b/WebCfgServer.cpp
index bded4a5..5034423 100644
--- a/WebCfgServer.cpp
+++ b/WebCfgServer.cpp
@@ -469,11 +469,13 @@ void WebCfgServer::buildMqttConfigHtml(String &response)
 printInputField(response, "MQTTPORT", "MQTT Broker port", _preferences->getInt(preference_mqtt_broker_port), 5);
 printInputField(response, "MQTTUSER", "MQTT User (# to clear)", _preferences->getString(preference_mqtt_user).c_str(), 30);
 printInputField(response, "MQTTPASS", "MQTT Password", "*", 30, true);
- printTextarea(response, "MQTTCA", "MQTT SSL CA Certificate", _preferences->getString(preference_mqtt_ca).c_str(), TLS_CA_MAX_SIZE);
- printTextarea(response, "MQTTCRT", "MQTT SSL Client Certificate", _preferences->getString(preference_mqtt_crt).c_str(), TLS_CERT_MAX_SIZE);
- printTextarea(response, "MQTTKEY", "MQTT SSL Client Key", _preferences->getString(preference_mqtt_key).c_str(), TLS_KEY_MAX_SIZE);
+ printTextarea(response, "MQTTCA", "MQTT SSL CA Certificate (*, optional)", _preferences->getString(preference_mqtt_ca).c_str(), TLS_CA_MAX_SIZE);
+ printTextarea(response, "MQTTCRT", "MQTT SSL Client Certificate (*, optional)", _preferences->getString(preference_mqtt_crt).c_str(), TLS_CERT_MAX_SIZE);
+ printTextarea(response, "MQTTKEY", "MQTT SSL Client Key (*, optional)", _preferences->getString(preference_mqtt_key).c_str(), TLS_KEY_MAX_SIZE);
 printInputField(response, "NETTIMEOUT", "Network Timeout until restart (seconds; -1 to disable)", _preferences->getInt(preference_network_timeout), 5);
 response.concat("");
+ response.concat("* If no encryption is configured for the MQTT broeker, leave empty.
 ");
+ response.concat("
 ");
 response.concat("");
 response.concat("");