Matthias Nott
2026-03-25 b78a19cbf9dd062b7c4b8820d3dcb4e0f49bd945
fix: add SecurityContext for TLS, fix onBadCertificate type
1 files modified
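--- a/lib/services/mqtt_service.dart
+++ b/lib/services/mqtt_service.dart
@@ -241,11 +241,16 @@
 return null;
 }
 
- /// Probe a single host:port with a TCP connection attempt (1s timeout).
+ /// Probe a single host:port with a TLS connection attempt (1s timeout).
+ /// Uses SecureSocket since the broker now requires TLS.
 Future<String?> _probeHost(String host, int port) async {
 try {
- final socket = await Socket.connect(host, port,
- timeout: const Duration(seconds: 1));
+ final socket = await SecureSocket.connect(
+ host,
+ port,
+ timeout: const Duration(seconds: 1),
+ onBadCertificate: (_) => true, // Accept self-signed cert during scan
+ );
 await socket.close();
 return host;
 } catch (_) {
@@ -262,6 +267,12 @@
 // client.maxConnectionAttempts is final — can't set it
 client.logging(on: false);
 
+ // TLS: broker uses a self-signed certificate.
+ // TODO: pin the cert fingerprint once cert rotation story is defined.
+ client.secure = true;
+ client.securityContext = SecurityContext(withTrustedRoots: true);
+ client.onBadCertificate = (dynamic certificate) => true;
+
 client.onConnected = _onConnected;
 client.onDisconnected = _onDisconnected;
 client.onAutoReconnect = _onAutoReconnect;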
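Review bot: The added `client.onBadCertificate = (dynamic certificate) => true;` in the second hunk accepts every certificate presented on the broker connection, so the session is encrypted but the server is never authenticated, and an on-path host presenting its own certificate could read or alter the MQTT traffic, including credentials if the client sends any. `SecurityContext(withTrustedRoots: true)` does not narrow this, because the callback overrides any failed chain check. Rather than deferring to the TODO, trust only the broker's own certificate, e.g. `client.securityContext = SecurityContext()..setTrustedCertificatesBytes(brokerCertPem);` (`brokerCertPem` is a placeholder for the bundled PEM bytes), and drop the `onBadCertificate` line, or keep the callback but return true only when the certificate's digest matches a pinned value. The same accept-all callback in `_probeHost` is tolerable for discovery only if the later connect verifies the host, which this code does not yet do. The function containing the client setup starts and ends outside the hunk, so how the probed host reaches the connect call is not visible here.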