added SSL/TLS support for MQTT

include/credentials.h

@@ -7,6 +7,7 @@ extern const char *thingspeakApiKey;
 
 extern const char *mqttHost;
 extern int mqttPort;
+extern const char *mqttTlsServerRootCert;
 extern const char *mqttUser;
 extern const char *mqttPassword;
 extern const char *mqttTopic;

src/TEMPLATE_secret_credentials.h

@@ -20,6 +20,31 @@ const char *thingspeakApiKey = "MYAPIKEY";
 // set host to NULL or empty string to disable MQTT publishing:
 const char *mqttHost = "my.mqtt.server";
 int mqttPort = 1833;
+// set MQTT server's root CA cert to NULL or empty string to disable MQTT TLS/SSL:
+const char *mqttTlsServerRootCert = R""""(
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+)"""";
 const char *mqttUser = "user";
 const char *mqttPassword = "mypassword";
 const char *mqttTopic = "home/radioactivity";

src/ingest.cpp

@@ -1,4 +1,5 @@
 #include <WiFi.h>
+#include <WiFiClientSecure.h>
 #include <MQTT.h>
 
 #include "GeigerData.h"
@@ -8,6 +9,7 @@
 const char *thingsPeakUrl = "api.thingspeak.com";
 
 WiFiClient mqttWifiClient;
+WiFiClientSecure mqttWifiClientSecure;
 MQTTClient mqttClient;
 
 bool connectWiFi()
@@ -149,13 +151,22 @@ bool connectMqtt()
 
 	if (!mqttClient.connected())
 	{
+		const bool tls = mqttTlsServerRootCert != NULL && mqttTlsServerRootCert[0] != 0;
 		Serial.print("Connecting to MQTT host ");
 		Serial.print(mqttHost);
 		Serial.print(":");
 		Serial.print(mqttPort);
 		Serial.print(" user ");
 		Serial.print(mqttUser);
-		mqttClient.begin(mqttHost, mqttPort, mqttWifiClient);
+		if (tls) {
+			Serial.print(" with TLS ");
+			mqttWifiClientSecure.setCACert(mqttTlsServerRootCert);
+			mqttClient.begin(mqttHost, mqttPort, mqttWifiClientSecure);
+		} else {
+			Serial.print(" without TLS ");
+			mqttClient.begin(mqttHost, mqttPort, mqttWifiClient);
+		}
+
 		if (mqttClient.connect("esp32-geiger-counter", mqttUser, mqttPassword))
 		{
 			Serial.println(" successful");