Help with secure Peer to Peer bidirectional communications on a local network: Websocket? MQTT? Other?

dtaylor
Posts: 8
Joined: Tue Aug 24, 2021 5:27 pm

Postby dtaylor » Mon Sep 13, 2021 8:37 pm

What I'm looking for is secure peer-to-peer bidirectional communication on a local network, because in some cases there may not be internet access, so I can't facilitate it with a cloud server.


What I was trying to do (is there another way, or a way to make this work?):
A secure WebSocket server on an ESP32 without a domain, using the IP only, connected to by a client in a browser or mobile app.
I am posting this as a new topic because I believe the handshake error I am getting is related to the Common Name of the certificate not matching the domain of the server. Please correct me if I'm wrong.

Problem: I need to connect to an ESP32 WebSocket server with an arbitrary IP address assigned by DHCP on any local network.
For the HTTPS server example the workaround is to allow proceeding to the untrusted site in the browser. But for a WebSocket that is accessed either from the browser or an app this is not an option.

Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.

How do I get around this? I'd rather do this in a secure way. Is this just going to require an intermediary server so that both the App/Browser and the ESP32 are clients to my cloud service which acts as a pass through?

Is MQTT a better option? But I'm assuming I'll run into the same certificate issue.

Any suggestions would be very appreciated!

fasani
Posts: 197
Joined: Wed Jan 30, 2019 12:00 pm
Location: Barcelona

Re: Help with secure Peer to Peer bidirectional communications on a local network: Websocket? MQTT? Other?

Postby fasani » Tue Sep 14, 2021 6:02 am

Hi there!

>Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.

Can't you use mDNS so you can resolve the IP address? Just as the ESP32 mesh lamps do. Reference:
https://docs.espressif.com/projects/esp ... /mdns.html

As for the certificate issue, I really don't get what is going on. But it's properly documented and there are also many examples showing how it's set up, and it should work.
Here you can see an example in one component of mine, to download a JPG image from a secure site, using an SSL certificate.

About the transport method, whether it's WebSocket, HTTPS or MQTT, that is your choice depending on what better suits your implementation.
epdiy collaborator | http://fasani.de Fan of Espressif MCUs and electronic design

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Help with secure Peer to Peer bidirectional communications on a local network: Websocket? MQTT? Other?

Postby WiFive » Tue Sep 14, 2021 9:38 am

>Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.
You would have to install the root certificate in the client browser or app and then generate new certificates on the esp32 device when the IP changed.

Otherwise, with an app you could use something like PSK-DTLS, which IKEA Tradfri uses.
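To make concrete why the original poster's handshake fails and what the certificate in the reply above must actually contain, here is an added example (editor's code, not from anyone in this thread or from the ESP-IDF) that applies the identity-matching rules browsers and mobile TLS stacks use (RFC 2818 / RFC 6125): an IP literal only matches an iPAddress subjectAltName, a hostname only matches a dNSName subjectAltName, and the certificate's Common Name is ignored entirely. The three certificate identities are constructed, in the dictionary shape Python's `ssl` module returns from `getpeercert()`; the names and addresses are assumptions for illustration. One caveat the thread does not spell out: if the device re-issues its own certificate every time its DHCP lease changes, the private CA key has to live on the device, so one compromised ESP32 can mint certificates the client trusts for any name. Issuing a single certificate for a stable mDNS name (the earlier suggestion) avoids re-issuing and keeps the CA key off the device.

```python
"""Does a TLS certificate cover the address the client connected to?

Implements the identity-matching rules a browser or mobile TLS stack applies
(RFC 2818 / RFC 6125): IP literals match only iPAddress SANs, hostnames match
only dNSName SANs (one-label leftmost wildcard allowed), commonName is ignored.
"""
import ipaddress

# Constructed certificate identities in the shape returned by
# ssl.SSLSocket.getpeercert(). Names and addresses are illustrative only.
CN_ONLY_CERT = {
    # CN only, no subjectAltName: the situation described in the opening post.
    "subject": ((("commonName", "esp32.local"),),),
}
IP_SAN_CERT = {
    # Device certificate re-issued with the current DHCP address as an iPAddress SAN.
    "subject": ((("commonName", "esp32.local"),),),
    "subjectAltName": (("IP Address", "192.168.1.23"), ("IP Address", "fe80::1")),
}
MDNS_SAN_CERT = {
    # Single long-lived certificate for a stable mDNS name as a dNSName SAN.
    "subject": ((("commonName", "esp32.local"),),),
    "subjectAltName": (("DNS", "esp32.local"),),
}


def _dns_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive dNSName comparison. A wildcard is honoured only in the
    leftmost label and must stand for exactly one label (RFC 6125 s. 6.4.3)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # "*.local" must match "esp32.local" but neither "local" nor "a.esp32.local".
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_target(cert: dict, target: str) -> bool:
    """Return True if the certificate identity covers `target`, which is the
    host part the client typed or resolved (an IP literal or a hostname)."""
    try:
        ip = ipaddress.ip_address(target.strip("[]"))  # accept "[fe80::1]" URL form
    except ValueError:
        ip = None
    sans = cert.get("subjectAltName", ())

    if ip is not None:
        # An IP literal matches only an iPAddress SAN; dNSName and CN never count.
        # Comparing parsed addresses also normalises IPv6 spellings.
        for kind, value in sans:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
        return False

    # Hostname target: dNSName SANs only. commonName is deliberately ignored,
    # which is why a CN-only certificate fails in every current client.
    return any(kind == "DNS" and _dns_matches(value, target)
               for kind, value in sans)


if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY_CERT), ("IP SAN", IP_SAN_CERT),
                        ("mDNS SAN", MDNS_SAN_CERT)):
        for target in ("192.168.1.23", "[fe80::1]", "esp32.local"):
            print(f"{label:9} vs {target:14} -> {cert_matches_target(cert, target)}")
```

Run it as-is to see the matrix: the CN-only certificate matches nothing, the IP-SAN certificate matches only the exact address it was issued for (so it must be re-issued on every lease change), and the mDNS-name certificate matches the name regardless of which address mDNS resolves it to.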
