From ac5ab4afd00bb234cf75cee77889ac94ecd224ae Mon Sep 17 00:00:00 2001 From: Florian <1technophile@users.noreply.github.com> Date: Fri, 2 Dec 2022 11:31:22 -0600 Subject: [PATCH 1/2] Enable connection with encryption without certificate validation --- main/User_config.h | 4 ++++ main/main.ino | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/main/User_config.h b/main/User_config.h index ade826c9d0..6c2c9a437d 100644 --- a/main/User_config.h +++ b/main/User_config.h @@ -196,6 +196,10 @@ const char* certificate PROGMEM = R"EOF(" # define MQTT_SECURE_DEFAULT false # endif +# ifndef MQTT_CERT_VALIDATE_DEFAULT +# define MQTT_CERT_VALIDATE_DEFAULT false +# endif + # ifndef AWS_IOT # define AWS_IOT false # endif diff --git a/main/main.ino b/main/main.ino index c361a06d40..afb0576c54 100644 --- a/main/main.ino +++ b/main/main.ino @@ -213,6 +213,7 @@ static unsigned long last_ota_activity_millis = 0; # define isDiscovered(device) device->isDisc static bool mqtt_secure = MQTT_SECURE_DEFAULT; +static bool mqtt_cert_validate = MQTT_CERT_VALIDATE_DEFAULT; static uint8_t mqtt_ss_index = MQTT_SECURE_SELF_SIGNED_INDEX_DEFAULT; static String mqtt_cert = ""; static String ota_server_cert = ""; @@ -729,7 +730,12 @@ void setup() { #if defined(ESP8266) || defined(ESP32) if (mqtt_secure) { eClient = new WiFiClientSecure; - setupTLS(MQTT_SECURE_SELF_SIGNED, mqtt_ss_index); + if (mqtt_cert_validate) { + setupTLS(MQTT_SECURE_SELF_SIGNED, mqtt_ss_index); + } else { + WiFiClientSecure* sClient = (WiFiClientSecure*)eClient; + sClient->setInsecure(); + } } else { eClient = new WiFiClient; } From d77fe0adcea9d62a817e8ddd6030fc954cab8200 Mon Sep 17 00:00:00 2001 From: Florian <1technophile@users.noreply.github.com> Date: Thu, 12 Jan 2023 10:03:03 -0600 Subject: [PATCH 2/2] Add the cert validation for AWS env --- platformio.ini | 1 + 1 file changed, 1 insertion(+) diff --git a/platformio.ini b/platformio.ini index f1dfb74882..9357f1fc2c 100644 --- a/platformio.ini 
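Review bot: `MQTT_CERT_VALIDATE_DEFAULT` falls back to `false` in the `#ifndef` block added to main/User_config.h, so any build that already sets `MQTT_SECURE_DEFAULT=true` without defining the new macro stops verifying the broker certificate after this change. Before it, the `mqtt_secure` path in setup() always called `setupTLS(...)`. A TLS session without server authentication is encrypted but gives no assurance about who is on the other end, so the fail-safe default is `# define MQTT_CERT_VALIDATE_DEFAULT true`, with environments that need the unauthenticated mode opting out explicitly. The platformio.ini hunk in PATCH 2/2 opts in only the one environment it touches; other environments that set `MQTT_SECURE_DEFAULT=true` are not visible here and need checking. A comment above the macro stating that `false` disables server certificate verification would also help.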
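Review bot: The new `else` branch in setup() calls `sClient->setInsecure()` silently, so as far as this hunk shows, a device with `mqtt_secure` on and `mqtt_cert_validate` off is indistinguishable at runtime from one that verifies the broker. Emit a warning through the project's logger in that branch, and add a comment such as `// encrypted only: broker certificate is NOT verified`. The C-style downcast of `eClient` can be dropped by keeping the typed pointer, `WiFiClientSecure* sClient = new WiFiClientSecure;` followed by `eClient = sClient;`. setup() starts and ends outside this hunk, and whether `mqtt_cert_validate` can be changed or is re-applied on later reconnects cannot be seen here.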
+++ b/platformio.ini @@ -473,6 +473,7 @@ build_flags = '-DLED_SEND_RECEIVE_ON=0' '-DMQTT_SECURE_DEFAULT=true' '-DMQTT_SECURE_SELF_SIGNED' + '-DMQTT_CERT_VALIDATE_DEFAULT=true' '-DMQTT_SERVER="xxxxxxxxxxxxx-ats.iot.eu-west-2.amazonaws.com"' '-DMQTT_PORT="8883"' '-DMQTT_USER=""'