What about a secure mqtt client

  • Is there already a way to make a secure MQTT connection? I have a Pico with a WIZ module for Ethernet on my desk and would like to use secure MQTT, providing the CA as a PEM file, as is possible on the command line like this:

    mosquitto_sub -h  host -p 8883 -t topic --cafile /path/to/a/file
    

    Any hints or howto?

  • Yes, I think you can do it fine on the Pico as you have TLS there? It's literally just MQTT but over TLS.

    https://www.espruino.com/Reference#tls

    Not tried recently, but this should work:

    var options = url.parse("localhost:1234");
    options.key = atob("MIIJKQ ... OZs08C");        // client private key
    options.cert = atob("MIIFi ... Uf93rN+");       // client certificate
    options.ca = atob("MIIFgDCC ... GosQML4sc=");   // CA certificate used to verify the broker
    var mqttoptions = { // ALL OPTIONAL - the defaults are below
      client_id : "random",   // the client ID sent to MQTT - it's a good idea to define your own static one based on `getSerial()`
      keep_alive: 60,         // keep alive time in seconds
      clean_session: true,
      username: "username",   // default is undefined
      password: "password",   // default is undefined
      protocol_name: "MQTT",  // or MQIsdp, etc..
      protocol_level: 4,      // protocol level
    };

    // No server is given here: the MQTT client is handed the TLS socket below
    var mqtt = require("MQTT").create(null, mqttoptions);
    require("tls").connect(options, function(client) {
      mqtt.connect(client); // run MQTT over the established TLS connection
    });
    
    

    Certs can now be in Storage too.

    If this works please can you let me know? It'd be nice to add to the MQTT page

  • Thanks for sharing, will definitely give it a try.

  • OK, back with an update: the test was to connect to test.mosquitto.org and it did not work because this site does not support TLS 1.0, which can be checked with nmap --script ssl-enum-ciphers -p 8883 test.mosquitto.org. Same result for broker.emqx.io.

    Does anyone know a public MQTT test broker that still supports TLS 1.0?

    Edit: broker.hivemq.com still supports TLS 1.0
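An added example, not part of the original thread: the post above diagnoses the failure by listing the TLS versions a broker offers with nmap's ssl-enum-ciphers script. This sketch parses such a report and compares it with the versions a client can speak. The sample reports are constructed, and `parseSslEnumCiphers`, `checkBroker` and the `clientVersions` list are hypothetical names.

```javascript
// Constructed reports in the layout nmap's ssl-enum-ciphers script prints.
// They are NOT captured from any broker named in the thread.
const MODERN_ONLY = [
  "8883/tcp open  secure-mqtt",
  "| ssl-enum-ciphers: ",
  "|   TLSv1.2: ",
  "|     ciphers: ",
  "|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A",
  "|     compressors: ",
  "|       NULL",
  "|     cipher preference: server",
  "|_  least strength: A"
].join("\n");
const WITH_LEGACY = MODERN_ONLY.replace("|   TLSv1.2: ",
  "|   TLSv1.0: \n|     ciphers: \n|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n|   TLSv1.2: ");

// Map each protocol section of the report to the cipher suites listed under it.
function parseSslEnumCiphers(text) {
  const offered = {};
  let version = null, inCiphers = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/^\|_?/, "").trim();
    const proto = line.match(/^((?:SSLv|TLSv)[\d.]+):$/);
    if (proto) { version = proto[1]; offered[version] = []; inCiphers = false; }
    else if (line === "ciphers:") inCiphers = true;
    else if (/^[a-z ]+:/.test(line)) inCiphers = false; // compressors:, warnings:, ...
    else if (version && inCiphers) offered[version].push(line.split(" ")[0]);
  }
  return offered;
}

// Compare what the broker offers with what the client can speak.
// clientVersions is an assumption supplied by the caller, e.g. ["TLSv1.0"].
function checkBroker(report, clientVersions) {
  const offered = parseSslEnumCiphers(report);
  const versions = Object.keys(offered);
  return {
    offered: versions,
    usable: versions.filter(v => clientVersions.includes(v)),
    // TLS 1.0 and 1.1 were deprecated by RFC 8996
    legacy: versions.filter(v => /^SSLv|^TLSv1\.[01]$/.test(v))
  };
}
```

An empty `usable` list means the handshake cannot succeed whatever certificates are loaded; a non-empty `legacy` list shows the broker still accepts deprecated protocol versions.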

  • I wasn't aware of this being an issue - do you think upgrading mbedtls would help with this?

  • do you think upgrading mbedtls would help with this?

    yes, definitely

Posted by @MaBe