allow use of tls without custom/self-signed certificate chain

bj00rn · bj00rn · commit 75b7d874f774 · 2025-06-17T10:34:13.000+02:00
diff --git a/src/configuration/parser.py b/src/configuration/parser.py
@@ -414,9 +414,6 @@ def process_arguments() -> Configuration:
                 config.mqtt_transport_protocol = TransportProtocol.TLS
                 if args.tls_server_cert_path:
                     config.tls_server_cert_path = args.tls_server_cert_path
-                else:
-                    msg = f"No server certificate authority file provided for TLS MQTT URI {args.mqtt_uri}"
-                    raise SystemExit(msg)
             else:
                 msg = f"Invalid MQTT URI scheme: {parse_result.scheme}, use tcp or ws"
                 raise SystemExit(msg)
diff --git a/src/publisher/mqtt_publisher.py b/src/publisher/mqtt_publisher.py
@@ -50,14 +50,19 @@ async def connect(self) -> None:
                 )
             else:
                 self.client.set_auth_credentials(username=self.configuration.mqtt_user)
+
         if self.transport_protocol.with_tls:
             cert_uri = self.configuration.tls_server_cert_path
             LOG.debug(
                 f"Configuring network encryption and authentication options for MQTT using {cert_uri}"
             )
             ssl_context = ssl.SSLContext()
-            ssl_context.load_verify_locations(cafile=cert_uri)
-            ssl_context.check_hostname = False
+            if cert_uri:
+                ssl_context.load_verify_locations(cafile=cert_uri)
+                ssl_context.check_hostname = False
+            else:
+                LOG.debug(f"Custom certificate chain not provided, using default")
+                ssl_context = True  # Use default SSL context if no cert is provided
         else:
             ssl_context = None
         await self.client.connect(
