Merge pull request #87 from martfra/main

lreiher · web-flow · commit 8d81fcec60e4 · 2025-08-08T08:56:04.000+02:00
Add Parameter to Disable Verification of Server Certificate
diff --git a/README.md b/README.md
@@ -221,6 +221,7 @@ client:
     version:              # TLS version (https://github.com/eclipse/paho.mqtt.cpp/blob/master/src/mqtt/ssl_options.h#L305)
     verify:               # verify the client should conduct post-connect checks.
     alpn_protos:          # list of ALPN protocols (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_alpn_protos.html)
+    server_cert_auth:     # [true] whether to verify the server certificate
 ```
 
 #### Bridge Parameters
diff --git a/mqtt_client/include/mqtt_client/MqttClient.hpp b/mqtt_client/include/mqtt_client/MqttClient.hpp
@@ -423,6 +423,7 @@ class MqttClient : public rclcpp::Node,
       int version;                           ///< TLS version (https://github.com/eclipse/paho.mqtt.cpp/blob/master/src/mqtt/ssl_options.h#L305)
       bool verify;                           ///< Verify the client should conduct
                                              ///< post-connect checks
+      bool server_cert_auth;                 ///< whether to verify the server certificate
       std::vector<std::string> alpn_protos;  ///< list of ALPN protocols
     } tls;                                   ///< SSL/TLS-related variables
   };
diff --git a/mqtt_client/src/MqttClient.cpp b/mqtt_client/src/MqttClient.cpp
@@ -309,6 +309,8 @@ void MqttClient::loadParameters() {
   declare_parameter("client.tls.key", rclcpp::ParameterType::PARAMETER_STRING, param_desc);
   param_desc.description = "client private key password";
   declare_parameter("client.tls.password", rclcpp::ParameterType::PARAMETER_STRING, param_desc);
+  param_desc.description = "whether to verify the server certificate";
+  declare_parameter("client.tls.server_cert_auth", rclcpp::ParameterType::PARAMETER_BOOL, param_desc);
 
   param_desc.description = "The list of topics to bridge from ROS to MQTT";
   const auto ros2mqtt_ros_topics = declare_parameter<std::vector<std::string>>("bridge.ros2mqtt.ros_topics", std::vector<std::string>(), param_desc);
@@ -398,6 +400,7 @@ void MqttClient::loadParameters() {
       loadParameter("client.tls.verify", client_config_.tls.verify);
       loadParameter("client.tls.alpn_protos", client_config_.tls.alpn_protos);
     }
+    loadParameter("client.tls.server_cert_auth", client_config_.tls.server_cert_auth, true);
   }
 
   // resolve filepaths
@@ -886,6 +889,7 @@ void MqttClient::setupClient() {
       if (!client_config_.tls.password.empty())
         ssl.set_private_key_password(client_config_.tls.password);
     }
+    ssl.set_enable_server_cert_auth(client_config_.tls.server_cert_auth);
     ssl.set_ssl_version(client_config_.tls.version);
     ssl.set_verify(client_config_.tls.verify);
     ssl.set_alpn_protos(client_config_.tls.alpn_protos);
