diff --git a/docs/audio-input.md b/docs/audio-input.md index 0b434120..5db10bd6 100755 --- a/docs/audio-input.md +++ b/docs/audio-input.md @@ -69,7 +69,15 @@ Add to your [profile](profiles.md): "username": "", "port": 1883, "password": "", - "site_id": "default" + "site_id": "default", + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } } ``` diff --git a/docs/audio-output.md b/docs/audio-output.md index 5e905a43..757306b6 100755 --- a/docs/audio-output.md +++ b/docs/audio-output.md @@ -44,7 +44,15 @@ Add to your [profile](profiles.md): "username": "", "port": 1883, "password": "", - "site_id": "default" + "site_id": "default", + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } } ``` diff --git a/docs/command-listener.md b/docs/command-listener.md index dbb7c691..3e93359b 100755 --- a/docs/command-listener.md +++ b/docs/command-listener.md @@ -86,7 +86,15 @@ Add to your [profile](profiles.md): "username": "", "port": 1883, "password": "", - "site_id": "default" + "site_id": "default", + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } } ``` diff --git a/docs/intent-handling.md b/docs/intent-handling.md index 601ba483..aa562f64 100755 --- a/docs/intent-handling.md +++ b/docs/intent-handling.md 
@@ -93,14 +93,22 @@ Add to your [profile](profiles.md): ```json "mqtt": { - "enabled": true, - "host": "localhost", - "username": "", - "password": "", - "port": 1883, - "reconnect_sec": 5, - "site_id": "default", - "publish_intents": true + "enabled": true, + "host": "localhost", + "username": "", + "password": "", + "port": 1883, + "reconnect_sec": 5, + "site_id": "default", + "publish_intents": true, + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } } ``` diff --git a/docs/wake-word.md b/docs/wake-word.md index 406b7990..4cd664ac 100755 --- a/docs/wake-word.md +++ b/docs/wake-word.md @@ -181,7 +181,15 @@ Add to your [profile](profiles.md): "username": "", "port": 1883, "password": "", - "site_id": "default" + "site_id": "default", + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } } ``` diff --git a/profiles/defaults.json b/profiles/defaults.json index 594354b0..dce609e6 100755 --- a/profiles/defaults.json +++ b/profiles/defaults.json @@ -119,7 +119,15 @@ "publish_intents": true, "reconnect_sec": 5, "site_id": "default", - "username": "" + "username": "", + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } }, "rhasspy": { "listen_on_start": true, diff --git a/rhasspy/mqtt.py b/rhasspy/mqtt.py index 71d21ce9..f4698849 100755 --- a/rhasspy/mqtt.py +++ b/rhasspy/mqtt.py @@ -48,6 +48,7 @@ def __init__(self) -> None: self.password = None self.reconnect_sec = 5 self.publish_intents = True + self.tls = { "enabled": False } # ------------------------------------------------------------------------- 
@@ -66,6 +67,7 @@ def to_started(self, from_state: str) -> None: self.password = self.profile.get("mqtt.password", None) self.reconnect_sec = self.profile.get("mqtt.reconnect_sec", 5) self.publish_intents = self.profile.get("mqtt.publish_intents", True) + self.tls = self.profile.get("mqtt.tls", { "enabled": False }) if self.profile.get("mqtt.enabled", False): self.transition("connecting") @@ -84,6 +86,27 @@ def to_connecting(self, from_state: str) -> None: self.client.on_message = self.on_message self.client.on_disconnect = self.on_disconnect + if pydash.get(self.tls, "enabled", False): + import ssl + allowed_cert_reqs = { + "CERT_REQUIRED": ssl.CERT_REQUIRED, + "CERT_OPTIONAL": ssl.CERT_OPTIONAL, + "CERT_NONE": ssl.CERT_NONE + } + + self.client.tls_set( + ca_certs=pydash.get(self.tls, "ca_certs", None), + cert_reqs=pydash.get( + allowed_cert_reqs, + pydash.get(self.tls, "cert_reqs", "CERT_REQUIRED"), + ssl.CERT_REQUIRED + ), + certfile=pydash.get(self.tls, "certfile", None), + ciphers=pydash.get(self.tls, "ciphers", None), + keyfile=pydash.get(self.tls, "keyfile", None), + tls_version=ssl.PROTOCOL_TLS + ) + if self.username: self._logger.debug("Logging in as %s", self.username) self.client.username_pw_set(self.username, self.password) diff --git a/rhasspy/profile_schema.json b/rhasspy/profile_schema.json index 882eb663..88722d2d 100755 --- a/rhasspy/profile_schema.json +++ b/rhasspy/profile_schema.json @@ -417,7 +417,18 @@ "reconnect_sec": { "type": "integer", "min": 0 }, "site_id": { "type": "string" }, "username": { "type": "string" }, - "publish_intents": { "type": "boolean" } + "publish_intents": { "type": "boolean" }, + "tls": { + "type": "dict", + "schema": { + "enabled": { "type": "boolean" }, + "ca_certs": { "type": "string" }, + "cert_reqs": { "type": "string" }, + "certfile": { "type": "string" }, + "ciphers": { "type": "string" }, + "keyfile": { "type": "string" } + } + } } }, 
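Review bot: The string options reach `tls_set` as `""` rather than `None` when a profile keeps the shipped defaults, because `pydash.get(self.tls, "ca_certs", None)` only falls back to `None` when the key is absent, and `profiles/defaults.json` in this same commit sets `ca_certs`, `certfile`, `ciphers` and `keyfile` to empty strings. How paho treats an empty path or cipher string is not visible here, but it is unlikely to mean "use the system trust store", so a user who only flips `"enabled": true` may get a connect-time error instead of a verified connection. Normalising empty values with `or None` keeps the secure default (system CAs with `CERT_REQUIRED`) usable out of the box. It would also help to log a warning when `cert_reqs` resolves to `ssl.CERT_NONE`, since the broker is then unauthenticated and the credentials passed to `username_pw_set` just below go to whichever host answers. `to_connecting` starts and ends outside the hunk.

```python
        if pydash.get(self.tls, "enabled", False):
            # … unchanged: ssl import and allowed_cert_reqs mapping …
            self.client.tls_set(
                # Empty strings from the default profile mean "not set".
                ca_certs=pydash.get(self.tls, "ca_certs") or None,
                # … unchanged: cert_reqs lookup …
                certfile=pydash.get(self.tls, "certfile") or None,
                ciphers=pydash.get(self.tls, "ciphers") or None,
                keyfile=pydash.get(self.tls, "keyfile") or None,
                # … unchanged: tls_version …
            )
```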
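Review bot: `cert_reqs` is validated only as `{ "type": "string" }`, so a misspelled or lower-case value passes schema validation and is then silently mapped to `ssl.CERT_REQUIRED` by the lookup in `rhasspy/mqtt.py`. That fallback fails closed, which is the safe direction, but the user gets no signal that the setting was ignored. If this schema is Cerberus-style, as the `"type": "dict"` and `"schema"` keys suggest, constraining the field with `"cert_reqs": { "type": "string", "allowed": ["CERT_REQUIRED", "CERT_OPTIONAL", "CERT_NONE"] }` would reject unknown values when the profile is loaded.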
diff --git a/src/assets/ProfileDefaults.js b/src/assets/ProfileDefaults.js index d125a93c..4b9e532b 100755 --- a/src/assets/ProfileDefaults.js +++ b/src/assets/ProfileDefaults.js @@ -109,7 +109,15 @@ const profileDefaults = { "reconnect_sec": 5, "site_id": "default", "username": "", - "publish_intents": true + "publish_intents": true, + "tls": { + "enabled": false, + "ca_certs": "", + "cert_reqs": "CERT_REQUIRED", + "certfile": "", + "ciphers": "", + "keyfile": "" + } }, "rhasspy": { "default_profile": "en", diff --git a/src/components/profile/Rhasspy.vue b/src/components/profile/Rhasspy.vue index 7d7fa4d1..929b693f 100755 --- a/src/components/profile/Rhasspy.vue +++ b/src/components/profile/Rhasspy.vue @@ -70,6 +70,58 @@ +
+
+ + +
+
+