Allow acl in mqtt when client certificate is in use #22972

Closed
wants to merge 3 commits into from


GMagician
Contributor

@GMagician GMagician commented Feb 9, 2025

ACL in MQTT needs a user name if 'use_identity_as_username/use_subject_as_username' is not true. It also seems that login in MQTT doesn't accept a user with an empty password, so both were re-enabled.

Checklist:

  • The pull request is done against the latest development branch
  • Only relevant files were touched
  • Only one feature/fix was added per PR and the code change compiles without warnings
  • The code change is tested and works with Tasmota core ESP8266 V.2.7.8
  • The code change is tested and works with Tasmota core ESP32 V.3.1.1.250203
  • I accept the CLA.

@GMagician GMagician changed the title from "Allow acl in mqtt" to "Allow acl in mqtt when client certificate is in use" on Feb 9, 2025
@s-hadinger
Collaborator

The problem here is that Tasmota sets non-empty user/password for MQTT. This change would immediately break any existing configuration when using Client Certificate, and not setting user/password to empty strings.

I'm afraid there should be some option or additional setting to force user/password when using client cert

@GMagician
Contributor Author

> The problem here is that Tasmota sets non-empty user/password for MQTT. This change would immediately break any existing configuration when using Client Certificate, and not setting user/password to empty strings.
>
> I'm afraid there should be some option or additional setting to force user/password when using client cert

I missed this... sorry. Maybe I could recycle INCLUDE_LOCAL_CERT?

ACL in MQTT needs a user name if 'use_identity_as_username' is not true. It also seems that login in MQTT doesn't accept a user with an empty password, so both were re-enabled
Keep compatibility with AWS_IOT
Don't duplicate defined check. Let USE_MQTT_AWS_IOT automatically set USE_MQTT_CLIENT_CERT and use latter in all code
@GMagician
Contributor Author

Replaced by #22998
