Add cafile and require_certificate options (#623)

* Add cafile and require_certificate options * Fix variable definition * Please linter * Update changelog * Remove defaulting for cafile and require_certificate * Change major in changelog for mosquitto * Make changes backward compatible * Add missing double quotes * Achieve real backward compatibility * Add missing double quotes
2025-12-17 05:04:21 +01:00 · 2019-09-26 07:41:20 +00:00
parent bcdd548d0f
commit d898650e8e
3 changed files with 18 additions and 6 deletions
--- a/mosquitto/CHANGELOG.md
+++ b/mosquitto/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog

+## 5.1
+
+- Add cafile option in configuration
+- Add require_certificate option in configuration
+
 ## 5.0

 - Update mosquitto 1.6.3 / Alpine 3.10
--- a/mosquitto/config.json
+++ b/mosquitto/config.json
@@ -1,6 +1,6 @@
 {
  "name": "Mosquitto broker",
-  "version": "5.0",
+  "version": "5.1",
  "slug": "mosquitto",
  "description": "An Open Source MQTT broker",
  "url": "https://home-assistant.io/addons/mosquitto/",
@@ -25,7 +25,8 @@
      "folder": "mosquitto"
    },
    "certfile": "fullchain.pem",
-    "keyfile": "privkey.pem"
+    "keyfile": "privkey.pem",
+    "require_certificate": false
  },
  "schema": {
    "logins": [
@@ -36,8 +37,10 @@
      "active": "bool",
      "folder": "str"
    },
+    "cafile": "str?",
    "certfile": "str",
-    "keyfile": "str"
+    "keyfile": "str",
+    "require_certificate": "bool"
  },
  "image": "homeassistant/{arch}-addon-mosquitto"
 }
--- a/mosquitto/data/run.sh
+++ b/mosquitto/data/run.sh
@@ -8,6 +8,8 @@ LOGINS=$(jq --raw-output ".logins | length" $CONFIG_PATH)
 ANONYMOUS=$(jq --raw-output ".anonymous" $CONFIG_PATH)
 KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH)
 CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH)
+CAFILE=$(jq --raw-output --exit-status ".cafile | select (.!=null)" $CONFIG_PATH || echo "$CERTFILE")
+REQUIRE_CERTIFICATE=$(jq --raw-output ".require_certificate" $CONFIG_PATH)
 CUSTOMIZE_ACTIVE=$(jq --raw-output ".customize.active" $CONFIG_PATH)
 LOGGING=$(bashio::info 'hassio.info.logging' '.logging')
 HOMEASSISTANT_PW=
@@ -17,15 +19,17 @@ WAIT_PIDS=()
 SSL_CONFIG="
 listener 8883
 protocol mqtt
-cafile /ssl/$CERTFILE
+cafile /ssl/$CAFILE
 certfile /ssl/$CERTFILE
 keyfile /ssl/$KEYFILE
+require_certificate $REQUIRE_CERTIFICATE

 listener 8884
 protocol websockets
-cafile /ssl/$CERTFILE
+cafile /ssl/$CAFILE
 certfile /ssl/$CERTFILE
 keyfile /ssl/$KEYFILE
+require_certificate $REQUIRE_CERTIFICATE
 "

 function write_system_users() {
@@ -91,7 +95,7 @@ else
 fi

 # Enable SSL if exists configs
-if [ -e "/ssl/$CERTFILE" ] && [ -e "/ssl/$KEYFILE" ]; then
+if [ -e "/ssl/$CAFILE" ] && [ -e "/ssl/$CERTFILE" ] && [ -e "/ssl/$KEYFILE" ]; then
    echo "$SSL_CONFIG" >> /etc/mosquitto.conf
 else
    bashio::log.warning "SSL not enabled - No valid certs found!"