Question

WebUI allows setting up MQTT bridge with remote TLS without CA certificate, client certificate or client key. However this generates an invalid mosquitto.conf. mosquitto is cable of using OS CA certificate and connect to TLS enabled broker. I have created several patches that will modify the firmware to make sure mosquitto.conf generated is valid and works as expected. 

Affected devices devices/firmware:

• RUT240 (Firmware version ?)
• TRB145 (Firmware version TRB1_R_00.02.05.2)

I suggest that if no CA certificate is not provided use bridge_cafile /etc/cacert.pem. If no client certificate is provided, exclude bridge_certfile. If no client key is not provided, exclude bridge_keyfile.

Here are the patches:

• RUT240

  • MQTT broker bridge, make client certificate and key optional

  • MQTT broker, make CA certificate optional

• TRB145
  • MQTT broker bridge, make client certificate and key optional
  • MQTT bridge CA file optional
  • MQTT broker CA file optional

I would appreciate feedback about the patches. If they are good, I hope they will be applied before the next firmware release.

Answer 1

Hi,

These are great and reasonable changes you've made! I will take them to RnD and ask what do they think and if this is good to implement in our next firmware versions.

Thank you very much for your feedback and we will make sure to provide you with one too.

EB.