Using esp_mqtt_cxx with SSL

Postby stijnb1234 » Mon Dec 23, 2024 1:34 pm

I want to connect with my ESP32 and a Quectel modem to an MQTT broker using TLS (port 8883). I can't get a working combination of code.

What I have (based on the SSL example):

Code: mqtt.cpp

    // Configure the MQTT client
    esp_transport_handle_t at =
        esp_transport_at_init(Modem::getInstance().getDCE());
    if (!at) {
      ESP_LOGE(TAG, "Failed to initialize the AT transport!");
      return false;
    }

    // Configure the TLS transport
    esp_transport_handle_t ssl = esp_transport_tls_init(at);
    if (!ssl) {
      ESP_LOGE(TAG, "Failed to initialize the SSL transport!");
      return false;
    }

    idf::mqtt::BrokerConfiguration broker{
        .address = {idf::mqtt::URI{"mqtts://" + std::string{MQTT_BROKER_URL} +
                                   ":" + std::to_string(MQTT_PORT)}},
        .security = idf::mqtt::CryptographicInformation{
            idf::mqtt::PEM{.data = mqtt_pem_start}}};
    idf::mqtt::ClientCredentials credentials{
        .username = MQTT_SUID,
        .authentication = idf::mqtt::Password{.data = MQTT_PASSWORD},
        .client_id = MQTT_SUID};
    idf::mqtt::Network network{.transport = ssl};
    idf::mqtt::Configuration config{.network = network};

    // Store the client as a member variable
    mqtt_client = std::make_unique<MQTTClient>(broker, credentials, config);

But it can't connect, it silently fails. I also don't know the correct command to generate the .pem file I need. Does anybody know this?

Re: Using esp_mqtt_cxx with SSL

Postby MicroController » Mon Dec 23, 2024 1:56 pm

You don't need a (PEM) certificate on the client side for a regular TLS connection.
You may want/need the public key of either the server's certificate or its root CA in order for the client to be able to verify the server's identity. The client's identity is verified by the server via username+password after the encrypted TLS connection is established.

Re: Using esp_mqtt_cxx with SSL

Postby nopnop2002 » Thu Dec 26, 2024 8:30 am

> I also don't know the correct command to generate the .pem file I need.

This is the script that creates the pem file for broker.emqx.io:8883.

Code:

    #!/bin/bash
    #
    # Extract the root certificate from ${HOST}:${PORT}.

    #set -x

    #HOST="mqtt.eclipseprojects.io"
    HOST="broker.emqx.io"
    PORT="8883"

    # Save the handshake output, including every certificate the server sends
    openssl s_client -showcerts -connect "${HOST}:${PORT}" </dev/null >hoge

    # Line numbers of the last BEGIN/END markers, i.e. the last certificate in the output
    start=$(grep -e "-----BEGIN CERTIFICATE-----" -n hoge | sed -e 's/:.*//g' | tail -n 1)
    last=$(grep -e "-----END CERTIFICATE-----" -n hoge | sed -e 's/:.*//g' | tail -n 1)

    # Copy that certificate block into the output file
    sed -n "${start},${last}p" hoge > root_cert.pem

    rm hoge

Re: Using esp_mqtt_cxx with SSL

Postby stijnb1234 » Mon Dec 30, 2024 2:23 pm

Now (after using the cert from that command) I get:

Code:

    mbedtls_ssl_handshake returned() returned -0x2462
    -0x2462: X509 - The date tag or value is invalid : ASN1 - ASN1 tag was of an unexpected value

What might cause this?
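
An added example, not part of the thread and not ESP-IDF or mbedTLS code: the error text in the last post names the certificate's date fields and an unexpected ASN.1 tag, so this host-side Python check walks every certificate in a PEM string to its Validity field and reports whether both entries carry a UTCTime or GeneralizedTime tag, and whether the data is cut short. All function names are assumptions of this example, and `sample_pem` builds a constructed, unsigned certificate skeleton used only as demo input.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
TIME_TAGS = {0x17: "UTCTime", 0x18: "GeneralizedTime"}

def read_tlv(buf, pos):  # returns (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data (truncated?)")
    return tag, pos, pos + length

def validity_tags(der):
    """Walk Certificate -> TBSCertificate -> Validity; return its element tags."""
    pos = read_tlv(der, read_tlv(der, 0)[1])[1]  # enter Certificate, then TBSCertificate
    if der[pos] == 0xA0:                # optional [0] version
        pos = read_tlv(der, pos)[2]
    for _ in range(3):                  # skip serialNumber, signature, issuer
        pos = read_tlv(der, pos)[2]
    tag, pos, end = read_tlv(der, pos)  # Validity
    if tag != 0x30:
        raise ValueError(f"Validity has tag 0x{tag:02x}, expected SEQUENCE")
    tags = []
    while pos < end:
        tag, _, pos = read_tlv(der, pos)
        tags.append(tag)
    return tags

def check_pem(text):
    """Return (ok, detail) for every certificate block in a PEM string."""
    results = []
    for m in PEM_RE.finditer(text):
        try:
            tags = validity_tags(base64.b64decode(m.group(1)))
            ok = len(tags) == 2 and all(t in TIME_TAGS for t in tags)
            detail = ", ".join(TIME_TAGS.get(t, f"0x{t:02x}") for t in tags)
        except (ValueError, IndexError) as exc:
            ok, detail = False, str(exc)
        results.append((ok, detail))
    return results

def sample_pem(time_tag):  # constructed, unsigned skeleton; not a real certificate
    tlv = lambda tag, body=b"": bytes([tag, len(body)]) + body
    dates = tlv(0x30, 2 * tlv(time_tag, b"250101000000Z"))
    tbs = tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + 2 * tlv(0x30) + dates
    b64 = base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

Calling `check_pem` on the contents of a file such as `root_cert.pem` returns one `(ok, detail)` pair per certificate; an empty list means no complete PEM block was found in the text.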
