Allow empty fingerprints of MQTT SSL server #1682
Conversation
|
Maybe additional settings flag instead? something like Another thing, from #1465 : we can use PubSubClient with real certificates starting with Core 2.4.2 (although, as I've noticed, it might choke on some specific certificate types. cloudmqtt was one of them) |
|
Ah, I was not even aware of the other issue. In case support for real certificates is added in the future, it might make sense to use something like `MQTT_SSL_VALIDATION`` which can be none/insecure, fingerprinting, and in future known key (even though it has the same issue as fingerprinting), or trust anchor (maybe in combination with SNI check). I also have some issues with MQTT/SSL timing of messages, but I guess the other topic is a better place for that. |
|
Will be updated once #1751 is merged |
|
Closed in favor of #1829 |
This change allows empty fingerprints of MQTT SSL servers - so bypass key pinning.
Of course this is not really secure, as it allows MITM attacks with fake signatures. But in my opinion this is worth supporting, this way it's much easier to get started with a MQTT/SSL broker setup. In addition, LetsEncrypt certificates change signature every renewal (90 days), so it makes it possible to work with LE-issued certificated without changing the fingerprint at every renewal.