Hello all,
I am working on a project where I want to connect an ESP32 to an MQTT server which uses the TLS v1.2 protocol. After quite some researching I am still not sure if this is possible. If I get it right, the ESP32 in general supports mbedTLS, which should cover all the SSL and TLS protocols...? But in the MQTT section of the Espressif documentation I only see SSL with mbedTLS (this means that only SSL protocols are covered, right?). Has anyone been working on this, or does anyone have any useful info?
Thanks in advance,
Mitja
ESP32 MQTT secure TLS v1.2
Re: ESP32 MQTT secure TLS v1.2
Can't give you an absolute answer, but I do know esp-mqtt uses esp-tls under the hood, which (as the name implies) supports TLS connections, so I'd think it supports it.
Re: ESP32 MQTT secure TLS v1.2
Thank you for your reply and sorry for my late response. I've been trying to solve this issue but without success. Here are some parts of my code:
static const char DSTroot_CA[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
XXXXXXXXX
-----END CERTIFICATE-----
)EOF";
mqtt_cfg.port = MQTT_PORT;
mqtt_cfg.uri = MQTT_ADDR;
mqtt_cfg.username = MQTT_USER;
mqtt_cfg.password = MQTT_PASSWD;
mqtt_cfg.keepalive = 15;
// mqtt_cfg.transport = MQTT_TRANSPORT_OVER_SSL;
mqtt_cfg.event_handle = mqtt_event_handler;
mqtt_cfg.cert_pem = (const char*)DSTroot_CA;
// esp_err_t err = esp_tls_set_global_ca_store (DSTroot_CA, sizeof (DSTroot_CA));
client = esp_mqtt_client_init(&mqtt_cfg);
esp_mqtt_client_start (client);
When I try to connect to the MQTT server I get this:
E (20009090) esp-tls: mbedtls_ssl_handshake returned -0x2700
E (20009092) esp-tls: Failed to open new connection
E (20009092) TRANS_SSL: Failed to open a new connection
E (20009094) MQTT_CLIENT: Error transport connect
I've been searching for the 0x2700 error and it seems to be a verification failure.
Does anyone know how to properly include the PEM certificate in esp_mqtt_client_init?
I'm not sure I'm doing it the right way...
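An added example (not from the thread and not ESP-IDF code): a stand-alone C check of the PEM text and byte count handed to `cert_pem` or `esp_tls_set_global_ca_store`, since mbedTLS only parses a buffer as PEM when the counted length includes the terminating NUL. It covers the embedding only; -0x2700 is reported during verification of the server's chain, after the CA has already parsed. `pem_check`, its status names and the sample strings are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

enum pem_status { PEM_OK, PEM_NOT_TERMINATED, PEM_NO_BEGIN,
                  PEM_NO_NEWLINE_AFTER_BEGIN, PEM_NO_END, PEM_BAD_BODY };

/* Constructed samples: the body is filler base64, not a real certificate. */
static const char good_pem[] =     /* leading newline, as the raw string in the post has */
    "\n" PEM_BEGIN "\n" "TUlJQ2NvbnN0cnVjdGVk\n" PEM_END "\n";
static const char joined_pem[] =   /* C literals joined without "\n" */
    PEM_BEGIN "TUlJQ2NvbnN0cnVjdGVk" PEM_END;

/* size is the byte count you would pass along with buf (sizeof of the array). */
enum pem_status pem_check(const char *buf, size_t size)
{
    /* mbedTLS needs the NUL inside the counted length to parse as PEM. */
    if (size == 0 || buf[size - 1] != '\0') return PEM_NOT_TERMINATED;
    const char *p = strstr(buf, PEM_BEGIN);
    if (!p) return PEM_NO_BEGIN;
    p += strlen(PEM_BEGIN);
    if (*p == '\r') p++;
    if (*p != '\n') return PEM_NO_NEWLINE_AFTER_BEGIN;
    const char *end = strstr(p, PEM_END);
    if (!end) return PEM_NO_END;

    size_t n = 0, pad = 0;          /* base64 characters seen, '=' seen */
    for (; p < end; p++) {
        char c = *p;
        if (c == '\n' || c == '\r') continue;
        if (c == '=') { pad++; n++; continue; }
        int b64 = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                  (c >= '0' && c <= '9') || c == '+' || c == '/';
        if (!b64 || pad) return PEM_BAD_BODY;  /* stray char, or data after padding */
        n++;
    }
    return (n == 0 || n % 4 != 0 || pad > 2) ? PEM_BAD_BODY : PEM_OK;
}

int main(void)
{
    printf("sizeof: %d\n", pem_check(good_pem, sizeof good_pem));
    printf("strlen: %d\n", pem_check(good_pem, strlen(good_pem)));
    printf("joined: %d\n", pem_check(joined_pem, sizeof joined_pem));
    return 0;
}
```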