In configuration and normal modes, Homie for ESP8266 code is designed to be non-blocking, so that you can do other tasks in the main loop(). However, the connection to the MQTT broker is blocking during ~5 seconds in case the server is unreachable. This is an Arduino for ESP8266 limitation, and we can't do anything on our side to solve this issue, not even a timeout.
The OTA mode is blocking for obvious reason.
Adding a TLS fingerprint effectively pins the device to a particular certificate. Furthermore, as currently implemented by the ESP8266 WifiSecureClient, both mqtt.host and ota.host are verified against the server certificate's common name (CN) in the certificate subject or in the SANs (subjectAlternateName) contained in it, but not in their IP addresses. For example, if the certificate used by your server looks like this:
Subject: CN=tiggr.example.org, OU=generate-CA/[email protected]
...
X509v3 Subject Alternative Name:
IP Address:192.168.1.10, DNS:broker.example.org
Enabling fingerprint in Homie will work only if host is set to tiggr.example.org or broker.example.org and the correct fingerprint is used; setting host to the IP address will cause fingerprint verification to fail.
This is a known esp8266/Arduino issue that polling analogRead() too frequently forces the Wi-Fi to disconnect. As a workaround, don't poll the ADC more than one time every 3ms.