MQTT certificate cause crash

alexmihai
Posts: 1
Joined: Mon Apr 01, 2024 3:14 pm

Postby alexmihai » Mon Apr 01, 2024 3:32 pm

I'm trying to connect to MQTT. When I use .crt certificates, I get a crash. Without them, it works, but it's not secure. I've tried with HiveMQ and EMQX, and I get the same crash. I've used an ESP32 and an ESP32S3.

Code:

#include "esp_log.h"
#include "mqtt_client.h"
#include "nvs_flash.h"

static const char *TAG = "MQTT";
esp_mqtt_client_handle_t client;
extern const uint8_t hivemq_crt_start[] asm("_binary_hivemq_crt_start");
extern const uint8_t hivemq_crt_end[] asm("_binary_hivemq_crt_end");
const size_t hivemq_crt_size = hivemq_crt_end - hivemq_crt_start;

static esp_err_t mqtt_event_handler_cb(esp_mqtt_event_handle_t event) {
    switch (event->event_id) {
        case MQTT_EVENT_CONNECTED:
            ESP_LOGI(TAG, "MQTT_EVENT_CONNECTED");
            esp_mqtt_client_publish(client, "test", "This is a test message", 0, 1, 0);
            break;
        case MQTT_EVENT_DISCONNECTED:
            ESP_LOGI(TAG, "MQTT_EVENT_DISCONNECTED");
            break;
        default:
            break;
    }
    return ESP_OK;
}

static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_t event_id, void *event_data) {
    esp_mqtt_event_handle_t event = (esp_mqtt_event_handle_t) event_data;
    mqtt_event_handler_cb(event);
}

void mqtt_app_start(void) {
    const esp_mqtt_client_config_t mqtt_cfg = {
            .broker = {
                    .address = {
                            .uri = "mqtts://9a8b0eedab19429098cf30728dc442f6.s1.eu.hivemq.cloud:8883",
                    },
                    .verification={
                            .certificate=(const char *) hivemq_crt_start
                    }
            },
            .credentials={
                    .username="USER",
                    .authentication={
                            .password="PASS"
                    }
            }
    };
    client = esp_mqtt_client_init(&mqtt_cfg);
    esp_mqtt_client_register_event(client, MQTT_EVENT_ANY, mqtt_event_handler, client);
    esp_mqtt_client_start(client);
}

I manually added a \0 at the end of the certificate to eliminate that problem.

Code:

/* Fragment: needs <stdlib.h> for malloc() and <string.h> for memcpy(). */
const size_t cert_size_with_null = hivemq_crt_size + 1;
char *cert_buffer = (char*)malloc(cert_size_with_null);
if (cert_buffer != NULL) {
    /* Copy the embedded certificate and terminate it explicitly. */
    memcpy(cert_buffer, hivemq_crt_start, hivemq_crt_size);
    cert_buffer[hivemq_crt_size] = '\0';
}

Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled.

Core 0 register dump:
PC : 0x4038238d PS : 0x00060433 A0 : 0x803846a3 A1 : 0x3fcad100
A2 : 0x03411003 A3 : 0xffffffff A4 : 0x0000cdcd A5 : 0x00060423
A6 : 0xb33fffff A7 : 0xb33fffff A8 : 0x80382369 A9 : 0x3fcad100
A10 : 0x00060423 A11 : 0x00000000 A12 : 0x00060420 A13 : 0x00000000
A14 : 0x00000000 A15 : 0x011c0000 SAR : 0x0000001a EXCCAUSE: 0x0000001c
EXCVADDR: 0x03411003 LBEG : 0x40056f5c LEND : 0x40056f72 LCOUNT : 0xffffffff


Backtrace: 0x4038238a:0x3fcad100 0x403846a0:0x3fcad130 0x40376e8b:0x3fcad150 0x40376ed4:0x3fcad180 0x40386211:0x3fcad1a0 0x4205dfa8:0x3fcad1c0 0x4205f143:0x3fcad1e0 0x420634aa:0x3fcad210 0x4206e150:0x3fcad260 0x4206ecc2:0x3fcad290 0x4205cad1:0x3fcad2b0

At this point I have tried connecting for a week with no result. Can someone try to connect to EMQX or HiveMQ? They have free tiers.

plusorc
Posts: 41
Joined: Sat Nov 09, 2019 6:27 am

Re: MQTT certificate cause crash

Postby plusorc » Tue Apr 02, 2024 3:46 am

I haven't done this method in a while; I usually use an NVS partition for that.
But is there any chance you forgot to include the certificate in CMakeLists.txt in the main folder?

Code:

# Embed the server root certificate into the final binary
#
# (If this was a component, we would set COMPONENT_EMBED_TXTFILES here.)
idf_component_register(SRCS "SSL_03.c"
                    INCLUDE_DIRS "."
                    EMBED_TXTFILES iot_hub.cer iot_client.cer iot_client.key)

In your case it will be only one file, not 3 like this.

P.S.
I have a very old test project that uses HTTP, not MQTT, but it's the same process and it uses this method of putting the certificates. If you're interested, let me know.
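
Added example (not code from either poster or from ESP-IDF): a plain-C pre-flight check for the embedded certificate blob, meant to run before the pointer is handed to the MQTT client configuration. It relies on EMBED_TXTFILES appending a NUL terminator to the embedded file; `pem_blob_check`, `pem_status_t` and `sample_pem` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    PEM_OK = 0,
    PEM_ERR_EMPTY,        /* symbols missing or zero-length blob */
    PEM_ERR_NOT_TEXT,     /* last byte is not NUL (embedded as binary?) */
    PEM_ERR_EMBEDDED_NUL, /* NUL inside the data would cut the PEM short */
    PEM_ERR_NO_BEGIN,     /* no PEM header, e.g. a DER-encoded file */
    PEM_ERR_NO_END        /* header present but footer missing (truncated) */
} pem_status_t;

/* start/end: the linker symbols of the embedded file, such as
 * hivemq_crt_start / hivemq_crt_end in the first post. */
pem_status_t pem_blob_check(const uint8_t *start, const uint8_t *end)
{
    static const char header[] = "-----BEGIN CERTIFICATE-----";
    static const char footer[] = "-----END CERTIFICATE-----";

    if (start == NULL || end == NULL || end <= start)
        return PEM_ERR_EMPTY;
    size_t len = (size_t)(end - start);   /* includes the terminator */
    if (start[len - 1] != '\0')
        return PEM_ERR_NOT_TEXT;
    if (memchr(start, '\0', len - 1) != NULL)
        return PEM_ERR_EMBEDDED_NUL;
    /* The blob is now known to be one C string of length len - 1. */
    const char *first = strstr((const char *)start, header);
    if (first == NULL)
        return PEM_ERR_NO_BEGIN;
    if (strstr(first, footer) == NULL)
        return PEM_ERR_NO_END;
    return PEM_OK;
}

/* Constructed sample (not a real certificate); sizeof counts the NUL,
 * matching what EMBED_TXTFILES produces. */
static const uint8_t sample_pem[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n";

int main(void)
{
    pem_status_t st = pem_blob_check(sample_pem, sample_pem + sizeof sample_pem);
    printf("sample_pem -> %d\n", (int)st);
    return st == PEM_OK ? 0 : 1;
}
```

On the device, logging the returned status before starting the client separates a packaging problem (file not embedded as text, wrong encoding, truncated file) from a failure inside the TLS stack.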
