From 43b8998276fed4c72c37103b06f93a49d20b77a1 Mon Sep 17 00:00:00 2001
From: Ellis Percival <flyte@failcode.co.uk>
Date: Tue, 13 Nov 2018 13:52:14 +0000
Subject: [PATCH] Add SSL/TLS instructions to readme. #44

---
 README.md | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1cb53f4..765140b 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ digital_outputs:
     off_payload: "OFF"
     initial: low  # This optional value controls the initial state of the pin before receipt of any messages from MQTT. Valid options are 'low' and 'high'.
     retain: yes # This option value controls if the message is retained. Default is no.
-  
+
   - name: fan
     module: raspberrypi
     pin: 22
@@ -82,6 +82,41 @@ digital_inputs:
     pulldown: no
 ```
 
+#### SSL/TLS
+
+You may want to connect to a remote server, in which case it's a good idea to use an encrypted connection. If the server supports this, then you can supply the relevant config values for the [tls_set()](https://github.com/eclipse/paho.mqtt.python#tls_set) command.
+
+```yaml
+mqtt:
+  host: test.mosquitto.org
+  port: 8883
+  tls:
+    enabled: yes
+```
+
+You may need to supply a trusted CA certificate, as instructed on https://test.mosquitto.org/.
+
+```yaml
+mqtt:
+  host: test.mosquitto.org
+  port: 8883
+  tls:
+    enabled: yes
+    ca_certs: mosquitto.org.crt
+```
+
+Or you might want to use SSL/TLS but not verify the server's certificate (not recommended).
+
+```yaml
+mqtt:
+  host: test.mosquitto.org
+  port: 8883
+  tls:
+    enabled: yes
+    cert_reqs: CERT_NONE
+    insecure: yes
+```
+
 #### Temporary Set
 
 You may want to set the output to a given value for a certain amount of time. This can be done using the `/set_on_ms` and `/set_off_ms` topics. If an output is already set to that value, it will stay that value for the given amount of milliseconds and then switch to the opposite.
-- 
GitLab