Add support X.509 client certificates for MQTT. (#5778)

Co-authored-by: h2zero <powellperalata@gmail.com> Co-authored-by: Jesse Hills <3060199+jesserockz@users.noreply.github.com>
2025-09-09 14:52:20 +01:00 · 2024-01-17 16:26:56 -07:00
parent b606e976e1
commit e731a2ffaa
5 changed files with 29 additions and 0 deletions
--- a/esphome/components/mqtt/init.py
+++ b/esphome/components/mqtt/init.py
@@ -10,6 +10,8 @@ from esphome.const import (
    CONF_BIRTH_MESSAGE,
    CONF_BROKER,
    CONF_CERTIFICATE_AUTHORITY,
+    CONF_CLIENT_CERTIFICATE,
+    CONF_CLIENT_CERTIFICATE_KEY,
    CONF_CLIENT_ID,
    CONF_COMMAND_TOPIC,
    CONF_COMMAND_RETAIN,
@@ -199,6 +201,12 @@ CONFIG_SCHEMA = cv.All(
            cv.Optional(CONF_CERTIFICATE_AUTHORITY): cv.All(
                cv.string, cv.only_with_esp_idf
            ),
+            cv.Inclusive(CONF_CLIENT_CERTIFICATE, "cert-key-pair"): cv.All(
+                cv.string, cv.only_on_esp32
+            ),
+            cv.Inclusive(CONF_CLIENT_CERTIFICATE_KEY, "cert-key-pair"): cv.All(
+                cv.string, cv.only_on_esp32
+            ),
            cv.SplitDefault(CONF_SKIP_CERT_CN_CHECK, esp32_idf=False): cv.All(
                cv.boolean, cv.only_with_esp_idf
            ),
@@ -378,6 +386,9 @@ async def to_code(config):
    if CONF_CERTIFICATE_AUTHORITY in config:
        cg.add(var.set_ca_certificate(config[CONF_CERTIFICATE_AUTHORITY]))
        cg.add(var.set_skip_cert_cn_check(config[CONF_SKIP_CERT_CN_CHECK]))
+        if CONF_CLIENT_CERTIFICATE in config:
+            cg.add(var.set_cl_certificate(config[CONF_CLIENT_CERTIFICATE]))
+            cg.add(var.set_cl_key(config[CONF_CLIENT_CERTIFICATE_KEY]))

        # prevent error -0x428e
        # See https://github.com/espressif/esp-idf/issues/139