From 1ce2d727cc3a1b21e67840b25d5fa2a234e77d79 Mon Sep 17 00:00:00 2001
From: CyclingEngineer
Date: Sat, 22 Jul 2017 16:37:29 +0100
Subject: [PATCH] Add SSL support as a configuration option
---
 main.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/main.py b/main.py
index 8594ad0..24f758a 100644
--- a/main.py
+++ b/main.py
@@ -4,6 +4,7 @@ import paho.mqtt.client as mqtt
 import logging
 import argparse
 from time import sleep
+import ssl
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 from scapy.all import *
 
@@ -21,6 +22,12 @@ host =
 #user =
 # Password (if required)
 #pass =
+# SSL required? (Default: False)
+# Uses TLSv1.2
+#ssl = True
+# CA Cert location (Default: /etc/ssl/certs/ca-certificates.crt)
+# This is sufficient for brokers using LetsEncrypt
+#certpath =
 
 [Buttons]
 # For every line, list the MAC of the button, and the MQTT topic to publish to.
@@ -69,6 +76,8 @@ if __name__ == '__main__':
 hostname = config['MQTT'].get('host')
 port = config['MQTT'].get('port')
 authrequired = config['MQTT'].getboolean('auth', False)
+ sslrequired = config['MQTT'].getboolean('ssl', False)
+ ca_certs = config['MQTT'].get('certpath', "/etc/ssl/certs/ca-certificates.crt")
 if (authrequired):
 username = config['MQTT'].get('user')
 password = config['MQTT'].get('pass')
@@ -82,6 +91,8 @@ if __name__ == '__main__':
 
 if (authrequired):
 mqttc.username_pw_set(username,password=password)
+ if (sslrequired):
+ mqttc.tls_set( ca_certs, tls_version=ssl.PROTOCOL_TLSv1_2 )
 mqttc.connect(hostname)
 mqttc.loop_start()
 sniff(prn=arp_display, filter="arp", store=0, count=0)
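Review bot: The `certpath` fallback only applies when the key is absent, but the sample config ships `#certpath =` with no value, so uncommenting it as-is presumably yields an empty string that replaces the default and is handed to `tls_set`. Treat an empty value as unset, e.g. `ca_certs = config['MQTT'].get('certpath') or "/etc/ssl/certs/ca-certificates.crt"`. The default is also the Debian/Ubuntu bundle location, so on hosts that keep their CA bundle elsewhere enabling `ssl` will likely fail with a file error; logging the path in use before connecting would make that easy to diagnose. The `if __name__ == '__main__':` block starts and ends outside this hunk.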
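Review bot: With `ssl` enabled the client still calls `mqttc.connect(hostname)` without a port, so in the visible lines the `port` value read from the config is never passed and paho falls back to its default of 1883, normally the plaintext listener, where a TLS handshake will not succeed. Pass the configured port, e.g. `mqttc.connect(hostname, int(port))`, and fall back to 8883 when `ssl` is set and no port is given. Pinning `tls_version=ssl.PROTOCOL_TLSv1_2` also rules out negotiating a newer protocol version, so either leave the version to the library default or add a comment saying why the pin is needed. A comment beside `tls_set` such as `# broker certificate is verified against ca_certs; do not add tls_insecure_set(True)` would record that verification is intentional. The enclosing block continues outside this hunk.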