fix: Handle TLS for all MQTT connections

2026-05-02 19:52:14 +02:00 · 2026-04-24 14:30:44 -07:00
parent 3a6da407be
commit b3fdfee474
1 changed files with 11 additions and 8 deletions
--- a/repeater/data_acquisition/mqtt_handler.py
+++ b/repeater/data_acquisition/mqtt_handler.py
@@ -305,19 +305,22 @@ class _BrokerConnection:
            return

        if self.transport == "websockets":
-            if self.tls and self.tls.get("enabled", True):
-                import ssl
-
-                self.client.tls_set(cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLS_CLIENT)
-                self.client.tls_insecure_set(self.tls.get("insecure", False))
-                self._tls_verified = True
-                protocol = "wss"
-            else:
                protocol = "ws"
        elif self.transport == "tcp":
            protocol = "mqtt"
        else:
            raise ValueError(f"Invalid transport '{self.transport}' for {self.broker['name']}")
+        
+        # Setup TLS independent of transport - MQTT over TLS can be used with both websockets and raw TCP
+        if self.tls and self.tls.get("enabled", False):
+            import ssl
+            self.client.tls_set(cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLS_CLIENT)
+            self.client.tls_insecure_set(self.tls.get("insecure", False))
+            self._tls_verified = True
+
+            # Ensure to update the protocol is we're running TLS on websockets
+            if( self.transport == "websockets" ):
+                protocol = "wss"

        # Set JWT credentials before CONNECT handshake
        self._set_credentials()