Page 1 of 1

ESP8266 AT MQTT SSL Certificates not working

Posted: Thu Jun 08, 2023 7:35 pm
by bluscape
I've asked the same question on stackoverflow: https://stackoverflow.com/questions/764 ... 1_76433285

I'm using the ESP8266 (WROOM-02D) for MQTT over WIFI. I'm using AT commands for MQTT. I'm currently using ESP8266-IDF-AT_V2.2.1.0 firmware on the WROOM-02D. My broker has been configured to use both client and server certificates for authentication.

I flashed my certifactes to the module at the following addresses as per the partition table:

Code: Select all

0xF8000 - client_cert.bin
0xFA000 - client_key.bin
0xFC000 - client_ca.bin
0x106000 - mqtt_key.bin
0x104000 - mqtt_cert.bin
0x108000 - mqtt_ca.bin
I configure the module with the following AT commands:

Code: Select all

AT+CWMODE=1 // Station mode
AT+CWJAP="SSID","Password" // Connect to AP
AT+CIPMUX=0 // Single connection
AT+CIPSNTPCFG=1,8,"ntp1.aliyun.com" // Configure and enable SNTP
AT+CIPSNTPTIME? // Query the SNTP time
AT+CIPSSLCCONF=3,0,0 // Set the SSL clients (mutual authentication)
AT+MQTTUSERCFG=0,5,"ClientID","","",0,0,"" // MQTT user configuration
AT+MQTTCONNCFG=0,30,0,"topic","message",0,0 // MQTT connection configuration
AT+MQTTCONN=0,"BrokerAddress",BrokerPort,0 // Connect to the MQTT broker
THE PROBLEM

Whenever I execute the command

Code: Select all

AT+MQTTCONN
, the module will reset. The module will reset even if use the default provided certicates. I found that the module will reset whenever MQTT scheme uses TLS (with or without certificates).

When I set the scheme to 0 (TCP and no TLS), there is no issue.

I've tried several things and even different firmwares but cannot get it to work.

When looking at the AT command manual, the MQTT user configuration has a "path" parameter.

Code: Select all

AT+MQTTUSERCFG=<LinkID>,<scheme>,<"client_id">,<"username">,<"password">,<cert_key_ID>,<CA_ID>,<"path">
I'm not sure if this could be the problem, but I cannot find any documentation on specifying the path.

Re: ESP8266 AT MQTT SSL Certificates not working

Posted: Tue Jun 13, 2023 3:18 am
by esp-at
hello, you are right. ESP8266-AT does not support MQTT over TLS due to memory limit.

And the doc described here: https://docs.espressif.com/projects/esp ... parameters, please know.

Re: ESP8266 AT MQTT SSL Certificates not working

Posted: Fri Jul 21, 2023 3:25 pm
by banjoluck
Call me crazy if you like.

Wouldn't it be a low-cost feature to simply report an error instead of crashing?

Re: ESP8266 AT MQTT SSL Certificates not working

Posted: Mon Jul 24, 2023 2:40 am
by esp-at
Sorry for the inconvenience. For a well-designed firmware, it shouldn't crash anyhow. However, memory issues are a global problem, and if any component does not handle memory allocation properly, it can lead to crash situations. As the ESP8266 SDK will not undergo significant updates, it is unlikely that the current behavior will be changed.

If you wish to use MQTT over TLS, we recommend considering ESP32-C3/ESP32-C2/ESP32 chips as a priority.

~