Allow use of TLS without custom/self-signed certificate chain

Fixes #347

Author: bj00rn

src/configuration/parser.py

@@ -97,9 +97,6 @@ def __parse_mqtt_transport(args: Namespace, config: Configuration) -> None:
             config.mqtt_transport_protocol = TransportProtocol.TLS
             if args.tls_server_cert_path:
                 config.tls_server_cert_path = args.tls_server_cert_path
-            else:
-                msg = f"No server certificate authority file provided for TLS MQTT URI {args.mqtt_uri}"
-                raise SystemExit(msg)
         else:
             msg = f"Invalid MQTT URI scheme: {parse_result.scheme}, use tcp or ws"
             raise SystemExit(msg)

src/publisher/mqtt_publisher.py

@@ -50,14 +50,16 @@ async def connect(self) -> None:
                 )
             else:
                 self.client.set_auth_credentials(username=self.configuration.mqtt_user)
+
         if self.transport_protocol.with_tls:
+            ssl_context = ssl.create_default_context()
             cert_uri = self.configuration.tls_server_cert_path
-            LOG.debug(
-                f"Configuring network encryption and authentication options for MQTT using {cert_uri}"
-            )
-            ssl_context = ssl.SSLContext()
-            ssl_context.load_verify_locations(cafile=cert_uri)
-            ssl_context.check_hostname = False
+            if cert_uri:
+                LOG.debug(
+                    f"Using custom CA file {cert_uri}"
+                )
+                ssl_context.load_verify_locations(cafile=cert_uri)
+                ssl_context.check_hostname = False
         else:
             ssl_context = None
         await self.client.connect(