From 3759e304971e3d6ca43700d43613c3373b103c82 Mon Sep 17 00:00:00 2001
From: Stefan Kleeschulte
Date: Wed, 13 Nov 2019 13:38:50 +0100
Subject: [PATCH] Default to validating the server certificate for mqtts://-URLs

When the server URL has the protocol mqtts:// and no further SSL/TLS options are supplied, default to validating the server certificate. Fixes #2379.
---
 packages/node_modules/@node-red/nodes/core/network/10-mqtt.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packages/node_modules/@node-red/nodes/core/network/10-mqtt.js b/packages/node_modules/@node-red/nodes/core/network/10-mqtt.js
index 4945c5c8b..b4fbfcc35 100644
--- a/packages/node_modules/@node-red/nodes/core/network/10-mqtt.js
+++ b/packages/node_modules/@node-red/nodes/core/network/10-mqtt.js
@@ -134,6 +134,9 @@ module.exports = function(RED) {
 agent: agent
 }
 }
+ if (this.brokerurl.indexOf("mqtts://") > -1 && (!this.usetls || !n.tls))
+ // Default to validating the server cert
+ this.verifyservercert = true;
 } else {
 // construct the std mqtt:// url
 if (this.usetls) {
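Review bot: The scheme test in the added `if` uses `indexOf("mqtts://") > -1`, which matches that string anywhere in the broker URL rather than only as its scheme, and the assignment hangs off a brace-less `if` with a comment sitting between the condition and the statement. I would anchor the test and brace the body: `if (this.brokerurl.indexOf("mqtts://") === 0 && (!this.usetls || !n.tls)) { this.verifyservercert = true; }`. If `wss://` broker URLs also pass through this branch (the `agent` context just above suggests websocket handling, but that code is outside the hunk), they would still get no default certificate validation and probably deserve the same default. The enclosing function starts and ends outside the hunk, so where `verifyservercert` becomes the TLS option is not visible here; it is worth confirming that a boolean `true` is accepted there.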