Add cafile and require_certificate options (#623)

* Add cafile and require_certificate options

* Fix variable definition

* Please linter

* Update changelog

* Remove defaulting for cafile and require_certificate

* Change major in changelog for mosquitto

* Make changes backward compatible

* Add missing double quotes

* Achieve real backward compatibility

* Add missing double quotes

mosquitto/data/run.sh

@@ -8,6 +8,8 @@ LOGINS=$(jq --raw-output ".logins | length" $CONFIG_PATH)
 ANONYMOUS=$(jq --raw-output ".anonymous" $CONFIG_PATH)
 KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH)
 CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH)
+CAFILE=$(jq --raw-output --exit-status ".cafile | select (.!=null)" $CONFIG_PATH || echo "$CERTFILE")
+REQUIRE_CERTIFICATE=$(jq --raw-output ".require_certificate" $CONFIG_PATH)
 CUSTOMIZE_ACTIVE=$(jq --raw-output ".customize.active" $CONFIG_PATH)
 LOGGING=$(bashio::info 'hassio.info.logging' '.logging')
 HOMEASSISTANT_PW=
@@ -17,15 +19,17 @@ WAIT_PIDS=()
 SSL_CONFIG="
 listener 8883
 protocol mqtt
-cafile /ssl/$CERTFILE
+cafile /ssl/$CAFILE
 certfile /ssl/$CERTFILE
 keyfile /ssl/$KEYFILE
+require_certificate $REQUIRE_CERTIFICATE
 
 listener 8884
 protocol websockets
-cafile /ssl/$CERTFILE
+cafile /ssl/$CAFILE
 certfile /ssl/$CERTFILE
 keyfile /ssl/$KEYFILE
+require_certificate $REQUIRE_CERTIFICATE
 "
 
 function write_system_users() {
@@ -91,7 +95,7 @@ else
 fi
 
 # Enable SSL if exists configs
-if [ -e "/ssl/$CERTFILE" ] && [ -e "/ssl/$KEYFILE" ]; then
+if [ -e "/ssl/$CAFILE" ] && [ -e "/ssl/$CERTFILE" ] && [ -e "/ssl/$KEYFILE" ]; then
     echo "$SSL_CONFIG" >> /etc/mosquitto.conf
 else
     bashio::log.warning "SSL not enabled - No valid certs found!"