Enabled SSL for HTTP and MQTT client

pull/16/head
Martin Ger 2017-10-20 14:50:51 +02:00
rodzic 969329fedb
commit b081def24b
9 zmienionych plików z 44 dodań i 11 usunięć


@ -3,7 +3,7 @@ An MQTT Broker/Client with scripting support on the ESP8266
This program enables the ESP8266 to become the central node in a small distributed IoT system. It implements an MQTT Broker and a simple scripted rule engine with event/action statements that links together the MQTT sensors and actors. It can act as STA, as AP, or as both and it can connect to another MQTT broker (i.e. in the cloud). Here it can act as bridge and forward and rewrite topics in both directions. Also it can parse JSON structures, send basic HTTP GET requests and do basic I/O: i.e. read and write to local GPIO pins, react on timers and GPIO interrupts, drive GPIO pins with PWM, and read the ADC.
If you need the plain MQTT broker functionality in an Arduino project. look here: https://github.com/martin-ger/esp_mqtt/blob/master/README.md#using-the-esp_umqtt_broker-in-an-arduino-project
If you need the plain MQTT broker functionality in an Arduino project look here: https://github.com/martin-ger/esp_mqtt/blob/master/README.md#using-the-esp_umqtt_broker-in-an-arduino-project
Find a video that explains the ideas and the architecture of the project at: https://www.youtube.com/watch?v=0K9q4IuB_oA
@ -79,9 +79,20 @@ By default the "remote" MQTT client is disabled. It can be enabled by setting th
- set mqtt_host _IP_or_hostname_: IP or hostname of the MQTT broker ("none" disables the MQTT client)
- set mqtt_user _username_: Username for authentication ("none" if no authentication is required at the broker)
- set mqtt_user _password_: Password for authentication
- set mqtt_ssl [0|1]: Use SSL for connection to the remote broker (default: 0 = off)
- set mqtt_id _clientId_: Id of the client at the broker (default: "ESPRouter_xxxxxx" derived from the MAC address)
- publish [local|remote] [topic] [data]: this publishes a topic (mainly for testing)
The remote MQTT server can be accessed via SSL, e.g. a secure test connection to test.mosquitto.org can be configured as following:
```
CMD>set mqtt_host test.mosquitto.org
CMD>set mqtt_port 8883
CMD>set mqtt_ssl 1
CMD>save
CMD>reset
```
Certificate check is not yet implemented.
# Scripting
The esp_uMQTT_broker comes with a build-in scripting engine. A script enables the ESP not just to act as a passive broker but to react on events (publications and timing events), to send out its own items and handle local I/O. Details on syntax and semantics of the scripting language can be found here: https://github.com/martin-ger/esp_mqtt/blob/master/SCRIPTING.md . Examples of scripts are in the "scripts" directory.
@ -114,7 +125,15 @@ HTTP script download completed (330 Bytes)
Syntax okay
CMD>
```
The ESP tries to download the script from the given URL and prints upon success or failure a report on the console. Currently the download only works via plain HTTP and no redirects are followed.
You can also download over the internet, e.g. directly from github:
```
CMD>script https://raw.githubusercontent.com/martin-ger/esp_mqtt/master/scripts/script.pwm
HTTP request to https://raw.githubusercontent.com/martin-ger/esp_mqtt/master/scripts/script.pwm started
HTTP script download completed (749 Bytes)
Syntax okay
CMD>
```
The ESP tries to download the script from the given URL and prints upon success or failure a report on the console.
## Script Push (netcat)
Another option is to upload the script as plain TCP stream. Start the upload with "script <portno>" on the console of the ESP, e.g.:

Plik binarny nie jest wyświetlany.

Plik binarny nie jest wyświetlany.

Plik binarny nie jest wyświetlany.


@ -1,2 +1,2 @@
71c696ae9c870fb376447990d95424a0ff3f14c0 0x00000.bin
c1a223297832120386ac24137a95070cd7aa077e 0x10000.bin
9dad862d14876b1c50a0f8777e7a9b72e449082a 0x00000.bin
edd4dd0092fe30212e168c4bf091ba7849dbdf34 0x10000.bin


@ -39,6 +39,7 @@ void config_load_default(sysconfig_p config) {
config->max_subscriptions = 30;
config->max_retained_messages = 30;
config->auto_retained = 0;
os_sprintf(config->mqtt_broker_user, "%s", "none");
config->mqtt_broker_password[0] = 0;
config->mqtt_broker_access = LOCAL_ACCESS | REMOTE_ACCESS;
@ -46,6 +47,7 @@ void config_load_default(sysconfig_p config) {
#ifdef MQTT_CLIENT
os_sprintf(config->mqtt_host, "%s", "none");
config->mqtt_port = 1883;
config->mqtt_ssl = false;
os_sprintf(config->mqtt_user, "%s", "none");
config->mqtt_password[0] = 0;
wifi_get_macaddr(0, mac);


@ -51,6 +51,7 @@ typedef struct
uint16_t max_subscriptions; // Upper limit of subscribed topics
uint16_t max_retained_messages; // Upper limit of stored retained messages
uint8_t auto_retained; // Automatically save retained messages to flash (default: off)
uint8_t mqtt_broker_user[32]; // Username for client login, "none" if empty
uint8_t mqtt_broker_password[32]; // Password for client login
uint8_t mqtt_broker_access; // Controls the interfaces that allow MQTT access (default LOCAL_ACCESS | REMOTE_ACCESS)
@ -58,6 +59,7 @@ typedef struct
#ifdef MQTT_CLIENT
uint8_t mqtt_host[32]; // IP or hostname of the MQTT broker, "none" if empty
uint16_t mqtt_port; // Port of the MQTT broker
uint8_t mqtt_ssl; // Use SSL (default: no)
uint8_t mqtt_user[32]; // Username for broker login, "none" if empty
uint8_t mqtt_password[32]; // Password for broker login
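Review bot: The new members `mqtt_broker_user[32]` and `mqtt_ssl` change the size and the offsets of every later field in this struct, and the `save`/`reset` sequence shown in the README of this same commit suggests the struct is persisted as-is, so a configuration image written by an older build would presumably be read back with shifted fields (passwords landing in the wrong slot, `mqtt_ssl` picking up a stray nonzero byte) unless the loader detects the layout change. If the struct carries a magic or version member it should be bumped here; if the loader only compares a length, confirm that `sizeof` is part of that check. The comment on the flag could also pin the accepted values, e.g. `uint8_t mqtt_ssl; // Use SSL for the remote broker connection, 0 = off, 1 = on (default: off)`. The enclosing typedef begins outside this hunk.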


@ -18,7 +18,7 @@
// Define MQTT_SSL_ENABLE if you need SSL for the *MQTT client*
//
#define MQTT_CLIENT 1
//#define MQTT_SSL_ENABLE 1
#define MQTT_SSL_ENABLE 1
//
// Change this to adjust memory consuption of one MQTT connection
@ -69,7 +69,7 @@
// Define HTTPCS if you want to have additional HTTPS support.
//
#define HTTPC 1
//#define HTTPCS 1
#define HTTPCS 1
//
// Define this if you want to have JSON parse support in scripts.
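Review bot: `#define MQTT_SSL_ENABLE 1` and `#define HTTPCS 1` switch on the TLS paths for the MQTT client and the HTTP client, but the README changed in this same commit states that certificate checking is not implemented, so a reader of this header could wrongly assume the remote broker or download host is authenticated. Suggest extending the comment above `MQTT_SSL_ENABLE` with `// NOTE: no certificate verification yet - SSL encrypts the link but does not authenticate the broker`, and a matching remark above `HTTPCS`, which matters more there because scripts fetched over it are then run by the device. Keeping the wording aligned with the README sentence `Certificate check is not yet implemented.` avoids the two drifting apart when verification is added.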


@ -479,7 +479,7 @@ void ICACHE_FLASH_ATTR console_handle_command(struct espconn *pespconn) {
to_console(response);
#endif
#ifdef MQTT_CLIENT
os_sprintf(response, "set [mqtt_host|mqtt_port|mqtt_user|mqtt_password|mqtt_id] <val>\r\n");
os_sprintf(response, "set [mqtt_host|mqtt_port|mqtt_ssl|mqtt_user|mqtt_password|mqtt_id] <val>\r\n");
to_console(response);
#endif
@ -551,9 +551,10 @@ void ICACHE_FLASH_ATTR console_handle_command(struct espconn *pespconn) {
if (os_strcmp(config.mqtt_host, "none") != 0) {
os_sprintf(response,
"MQTT client host: %s\r\nMQTT client port: %d\r\nMQTT client user: %s\r\nMQTT client password: %s\r\nMQTT client id: %s\r\n",
"MQTT client host: %s\r\nMQTT client port: %d\r\nMQTT client user: %s\r\nMQTT client password: %s\r\nMQTT client id: %s\r\nMQTT SSL: %s\r\n",
config.mqtt_host, config.mqtt_port, config.mqtt_user,
config.locked ? "***" : (char *)config.mqtt_password, config.mqtt_id);
config.locked ? "***" : (char *)config.mqtt_password, config.mqtt_id,
config.mqtt_ssl ? "on" : "off");
to_console(response);
}
#endif
@ -1201,6 +1202,12 @@ void ICACHE_FLASH_ATTR console_handle_command(struct espconn *pespconn) {
goto command_handled;
}
if (strcmp(tokens[1], "mqtt_ssl") == 0) {
config.mqtt_ssl = atoi(tokens[2]);
os_sprintf(response, "MQTT ssl %s\r\n", config.mqtt_ssl?"on":"off");
goto command_handled;
}
if (strcmp(tokens[1], "mqtt_user") == 0) {
os_strncpy(config.mqtt_user, tokens[2], 32);
config.mqtt_user[31] = 0;
@ -1488,8 +1495,11 @@ void wifi_handle_event_cb(System_Event_t * evt) {
#endif
#ifdef NTP
if (os_strcmp(config.ntp_server, "none") != 0)
if (os_strcmp(config.ntp_server, "none") != 0) {
ntp_set_server(config.ntp_server);
sntp_setservername(1, config.ntp_server);
sntp_init();
}
set_timezone(config.ntp_timezone);
#endif
@ -1719,7 +1729,7 @@ void user_init() {
mqtt_connected = false;
mqtt_enabled = (os_strcmp(config.mqtt_host, "none") != 0);
if (mqtt_enabled) {
MQTT_InitConnection(&mqttClient, config.mqtt_host, config.mqtt_port, 0);
MQTT_InitConnection(&mqttClient, config.mqtt_host, config.mqtt_port, config.mqtt_ssl);
if (os_strcmp(config.mqtt_user, "none") == 0) {
MQTT_InitClient(&mqttClient, config.mqtt_id, 0, 0, 120, 1);