TLS disable ECDSA for MQTT to ensure we don't break fingerprints after #22649 (#22656)

2026-03-20 22:28:07 +01:00 · 2024-12-15 19:43:51 +01:00
parent 90e0595b7f
commit 69d3fc1003
4 changed files with 25 additions and 3 deletions
--- a/lib/libesp32/HttpClientLight/src/HttpClientLight.cpp
+++ b/lib/libesp32/HttpClientLight/src/HttpClientLight.cpp
@@ -89,6 +89,7 @@ public:
    {
        BearSSL::WiFiClientSecure_light& wcs = static_cast<BearSSL::WiFiClientSecure_light&>(client);
        wcs.setPubKeyFingerprint(_fingerprint_any, _fingerprint_any, true); // allow all fingerprints
+        wcs.setRSAOnly(false);          // although we use fingerprint, we allow ECDSA
        return true;
    }