diff --git a/src/AdafruitIO_Definitions.h b/src/AdafruitIO_Definitions.h index 70080c8..64bfbd0 100644 --- a/src/AdafruitIO_Definitions.h +++ b/src/AdafruitIO_Definitions.h @@ -115,9 +115,12 @@ class AdafruitIOGroupCallback { #define AIO_ERROR_TOPIC "/errors" ///< Adafruit IO Error MQTT Topic #define AIO_THROTTLE_TOPIC "/throttle" ///< Adafruit IO Throttle MQTT Topic -// latest fingerprint can be generated with -// echo | openssl s_client -connect io.adafruit.com:443 | openssl x509 -// -fingerprint -noout +/* NB: io.adafruit.com TLS/SSL certificate changes every 6months, and pinning +certificates is no longer recommended. Migrate to a larger MCU like ESP32 +which can accomodate root certificates and verify chains of trust. */ +/* For older devices like ESP8266 you can generate the latest fingerprint with: +echo | openssl s_client -connect io.adafruit.com:443 | openssl x509 -fingerprint -noout +*/ #define AIO_SSL_FINGERPRINT \ "47 D2 CB 14 DF 38 97 59 C6 65 1A 1F 3E 00 1E 53 CC A5 17 E0" ///< Latest ///< Adafruit IO diff --git a/src/wifi/AdafruitIO_ESP8266.h b/src/wifi/AdafruitIO_ESP8266.h index e4be20a..6efd330 100644 --- a/src/wifi/AdafruitIO_ESP8266.h +++ b/src/wifi/AdafruitIO_ESP8266.h @@ -25,12 +25,13 @@ /* NOTE - Projects that require "Secure MQTT" (TLS/SSL) also require a new * SSL certificate every year. If adding Secure MQTT to your ESP8266 project is * important - please switch to using the modern ESP32 (and related models) - * instead of the ESP8266 to avoid updating the SSL fingerprint every year. + * instead of the ESP8266 to avoid updating the SSL fingerprint every 6months. * * If you've read through this and still want to use "Secure MQTT" with your * ESP8266 project, we've left the "WiFiClientSecure" lines commented out. To * use them, uncomment the commented out lines within `AdafruitIO_ESP8266.h` and - * `AdafruitIO_ESP8266.cpp` and recompile the library. + * `AdafruitIO_ESP8266.cpp`, update fingerprint in `AdafruitIO_Definitions.h`, + * and then recompile the library. */ // #include "WiFiClientSecure.h"