|
1548 | 1548 | //#define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX "mygateway1-in"
|
1549 | 1549 |
|
1550 | 1550 | /**
|
1551 |
| - * @def MY_MQTT_CA_CERT |
1552 |
| - * @brief Set a specific CA certificate needed to validate MQTT server against. Use the certificate as a trust anchor, accepting remote certificates signed by it. |
| 1551 | + * @def MY_SSL_CERT_AUTHx |
| 1552 | + * @brief Up to three root Certificates Authorities could be defined to validate the mqtt server' certificate. The most secure. |
| 1553 | + * |
| 1554 | + * This define is mandatory when you need connect MQTT over SSL/TLS. Certificate Authorities. |
| 1555 | + * The best method to validate server certificates. |
| 1556 | + * Advised to retrieve root Certificate Authorities as they expire less often than server certificates. |
| 1557 | + * With let's encrypt you may need up to three Certificate Authorities |
1553 | 1558 | *
|
1554 |
| - * This define is mandatory when you need connect MQTT over SSL/TLS. |
1555 | 1559 | * Example: @code
|
1556 | 1560 | *
|
1557 |
| - * const char mqtt_ca_cert[] PROGMEM = R"EOF( |
| 1561 | + * const char cert_isrgrootx1_Authority[] PROGMEM = R"EOF( |
| 1562 | + * ----- BEGIN THE CERTIFICATE ----- |
| 1563 | + * XXX ... XXX |
| 1564 | + * ----- FINISH CERTIFICATE ----- |
| 1565 | + * )EOF"; |
| 1566 | + * |
| 1567 | + * const char cert_isrgrootx2_Authority[] PROGMEM = R"EOF( |
1558 | 1568 | * ----- BEGIN THE CERTIFICATE -----
|
1559 | 1569 | * XXX ... XXX
|
1560 | 1570 | * ----- FINISH CERTIFICATE -----
|
1561 | 1571 | * )EOF";
|
1562 | 1572 | *
|
1563 |
| - * #define MY_MQTT_CA_CERT mqtt_ca_cert |
| 1573 | + * const char cert_letsEncryptR3_Authority[] PROGMEM = R"EOF( |
| 1574 | + * ----- BEGIN THE CERTIFICATE ----- |
| 1575 | + * XXX ... XXX |
| 1576 | + * ----- FINISH CERTIFICATE ----- |
| 1577 | + * )EOF"; |
1564 | 1578 | *
|
| 1579 | + * #define MY_SSL_CERT_AUTH1 cert_isrgrootx1_Authority |
| 1580 | + * #define MY_SSL_CERT_AUTH1 cert_isrgrootx2_Authority |
| 1581 | + * #define MY_SSL_CERT_AUTH1 cert_letsEncryptR3_Authority |
| 1582 | + * |
| 1583 | + * @endcode |
| 1584 | + */ |
| 1585 | +//#define MY_SSL_CERT_AUTH1 |
| 1586 | + |
| 1587 | +/** |
| 1588 | + * @def MY_SSL_FINGERPRINT |
| 1589 | + * @brief Server certificate validation with its fingerprint |
| 1590 | + * |
| 1591 | + * The finger print to validate the mqtt server certificate. This is less secure and less convenient |
| 1592 | + * than using certificate authorities. |
| 1593 | + * Command (3 lines...) to obtain the certificate finger print: |
| 1594 | + * $>openssl s_client -connect <hostname>:<host port> < /dev/null 2>/dev/null | \ |
| 1595 | + * openssl x509 -fingerprint -noout -in /dev/stdin \ |
| 1596 | + * awk -F= '{print $2}' |
| 1597 | + * |
| 1598 | + * Example: @code |
| 1599 | + * const char mqtt_fingerprint [] PROGMEM = "CA:CE:2B:ED:D3:32:A7:F1:8C:73:9E:9B:B7:D5:75:4A:10:61:E4:05"; |
1565 | 1600 | * @endcode
|
1566 | 1601 | */
|
1567 |
| -//#define MY_MQTT_CA_CERT |
| 1602 | +//#define MY_SSL_FINGERPRINT |
1568 | 1603 |
|
1569 | 1604 | /**
|
1570 |
| - * @def MY_MQTT_CLIENT_CERT |
| 1605 | + * @def MY_SSL_CERT_CLIENT |
1571 | 1606 | * @brief Set a client certificate to send to a MQTT server that requests one over TLS connection.
|
1572 | 1607 | *
|
1573 |
| - * This define is mandatory when you need connect MQTT over SSL/TLS. |
| 1608 | + * This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested. |
1574 | 1609 | * Example: @code
|
1575 | 1610 | *
|
1576 | 1611 | * const char mqtt_client_cert[] PROGMEM = R"EOF(
|
|
1579 | 1614 | * ----- FINISH CERTIFICATE -----
|
1580 | 1615 | * )EOF";
|
1581 | 1616 | *
|
1582 |
| - * #define MY_MQTT_CLIENT_CERT mqtt_client_cert |
| 1617 | + * #define MY_SSL_CERT_CLIENT mqtt_client_cert |
1583 | 1618 | *
|
1584 | 1619 | * @endcode
|
1585 | 1620 | */
|
1586 |
| -//#define MY_MQTT_CLIENT_CERT |
| 1621 | +//#define MY_SSL_CERT_CLIENT |
1587 | 1622 |
|
1588 | 1623 | /**
|
1589 |
| - * @def MY_MQTT_CLIENT_KEY |
1590 |
| - * @brief Set a client private key to send to a MQTT server that requests one over TLS connection. |
| 1624 | + * @def MY_SSL_KEY_CLIENT |
| 1625 | + * @brief Set the client private key generated with the MY_SSL_CERT_CLIENT. |
1591 | 1626 | *
|
1592 |
| - * This define is mandatory when you need connect MQTT over SSL/TLS. |
| 1627 | + * This define is mandatory when you need connect MQTT over SSL/TLS and client certificate is requested. |
1593 | 1628 | * Example: @code
|
1594 | 1629 | *
|
1595 | 1630 | * const char mqtt_client_key[] PROGMEM = R"EOF(
|
|
1598 | 1633 | * ----- FINISH THE RSA PRIVATE KEY -----
|
1599 | 1634 | * )EOF";
|
1600 | 1635 | *
|
1601 |
| - * #define MY_MQTT_CLIENT_KEY mqtt_client_key |
| 1636 | + * #define MY_SSL_KEY_CLIENT mqtt_client_key |
1602 | 1637 | *
|
1603 | 1638 | * @endcode
|
1604 | 1639 | */
|
1605 |
| -//#define MY_MQTT_CLIENT_KEY |
| 1640 | +//#define MY_SSL_KEY_CLIENT |
1606 | 1641 |
|
1607 | 1642 | /**
|
1608 | 1643 | * @def MY_IP_ADDRESS
|
|
2373 | 2408 | #define MY_MQTT_CLIENT_ID
|
2374 | 2409 | #define MY_MQTT_PUBLISH_TOPIC_PREFIX
|
2375 | 2410 | #define MY_MQTT_SUBSCRIBE_TOPIC_PREFIX
|
2376 |
| -#define MY_MQTT_CA_CERT |
2377 |
| -#define MY_MQTT_CLIENT_CERT |
2378 |
| -#define MY_MQTT_CLIENT_KEY |
| 2411 | +#define MY_SSL_CERT_AUTH1 |
| 2412 | +#define MY_SSL_CERT_AUTH2 |
| 2413 | +#define MY_SSL_CERT_AUTH3 |
| 2414 | +#define MY_SSL_FINGERPRINT |
| 2415 | +#define MY_SSL_CERT_CLIENT |
| 2416 | +#define MY_SSL_KEY_CLIENT |
2379 | 2417 | #define MY_SIGNAL_REPORT_ENABLED
|
2380 | 2418 | // general
|
2381 | 2419 | #define MY_WITH_LEDS_BLINKING_INVERSE
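Review bot: The example at new lines 1579–1581 defines `MY_SSL_CERT_AUTH1` three times, so anyone copying it ends up with only the last CA in effect; it should read `#define MY_SSL_CERT_AUTH1 cert_isrgrootx1_Authority`, `#define MY_SSL_CERT_AUTH2 cert_isrgrootx2_Authority`, `#define MY_SSL_CERT_AUTH3 cert_letsEncryptR3_Authority`, and the `@def MY_SSL_CERT_AUTHx` header names a macro that is never defined, so Doxygen will probably not attach this text to AUTH1–AUTH3 (one `@def` per real name, or a `@name` group, would). In the MY_SSL_FINGERPRINT text the second line of the openssl command ends in `\` where a pipe is required, so awk is handed to `openssl x509` as arguments instead of reading its output: `openssl x509 -fingerprint -noout -in /dev/stdin | \`. That command emits a SHA-1 fingerprint by default, which matches the 20-byte sample value, and the text should say so explicitly so a user who adds `-sha256` does not paste a digest of the wrong type; the TLS code that consumes it is outside this hunk, so the digest it expects cannot be confirmed here. Both this hunk and the one at new lines 2411–2416 rename `MY_MQTT_CA_CERT`/`MY_MQTT_CLIENT_CERT`/`MY_MQTT_CLIENT_KEY` with no transition, so a sketch that still defines the old names gets no diagnostic from this header; a guard such as `#if defined(MY_MQTT_CA_CERT) || defined(MY_MQTT_CLIENT_CERT) || defined(MY_MQTT_CLIENT_KEY)` / `#error "renamed to MY_SSL_CERT_AUTH1 / MY_SSL_CERT_CLIENT / MY_SSL_KEY_CLIENT"` / `#endif` would keep a stale configuration from building with its CA silently unused.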
|
|