ESP32 MQTT secure TLS v1.2

mitja123
Posts: 3
Joined: Sun Oct 17, 2021 10:31 pm

ESP32 MQTT secure TLS v1.2

Postby mitja123 » Sun Oct 17, 2021 10:54 pm

Hello all,

I am working on a project where I want to connect an ESP32 to an MQTT server which uses the TLS v1.2 protocol. After quite some research I am still not sure if this is possible. If I get it right, the ESP32 in general supports mbedTLS, which should cover all the SSL and TLS protocols...? But in the MQTT section of the Espressif documentation I only see SSL with mbedTLS (this means that only SSL protocols are covered, right?). Has anyone been working on this or has any useful info?

Thanks in advance,

Mitja

ESP_Sprite
Posts: 9766
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 MQTT secure TLS v1.2

Postby ESP_Sprite » Mon Oct 18, 2021 12:54 am

Can't give you an absolute answer, but I do know esp-mqtt uses esp-tls under the hood, which (as the name implies) supports TLS connections, so I'd think it supports it.

mitja123
Posts: 3
Joined: Sun Oct 17, 2021 10:31 pm

Re: ESP32 MQTT secure TLS v1.2

Postby mitja123 » Fri Oct 22, 2021 12:37 pm

Thank you for your reply and sorry for my late response. I've been trying to solve this issue but without success. Here are some parts of my code:

static const char DSTroot_CA[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
XXXXXXXXX
-----END CERTIFICATE-----
)EOF";

mqtt_cfg.port = MQTT_PORT;
mqtt_cfg.uri = MQTT_ADDR;
mqtt_cfg.username = MQTT_USER;
mqtt_cfg.password = MQTT_PASSWD;
mqtt_cfg.keepalive = 15;
// mqtt_cfg.transport = MQTT_TRANSPORT_OVER_SSL;
mqtt_cfg.event_handle = mqtt_event_handler;
mqtt_cfg.cert_pem = (const char*)DSTroot_CA;


// esp_err_t err = esp_tls_set_global_ca_store (DSTroot_CA, sizeof (DSTroot_CA));
client = esp_mqtt_client_init(&mqtt_cfg);
esp_mqtt_client_start (client);

When I try to connect to the mqtt server I get this:

E (20009090) esp-tls: mbedtls_ssl_handshake returned -0x2700
E (20009092) esp-tls: Failed to open new connection
E (20009092) TRANS_SSL: Failed to open a new connection
E (20009094) MQTT_CLIENT: Error transport connect

I've been searching for the 0x2700 error and it seems to be a verification failure.
Does anyone know how to properly include the PEM certificate in esp_mqtt_client_init?
I'm not sure I'm doing it the right way...
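
Added example (not part of the thread and not Espressif's code): a host-side C helper that pulls the mbedTLS code out of esp-tls log lines like the ones in the post above and splits it into its high-level and low-level parts to tell which layer failed. The function names, the advice strings and the second and third log lines are constructed for illustration, and the ranges assume the mbedTLS 2.x error.h layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef enum { L_NONE, L_NET, L_X509, L_TLS, L_OTHER } layer_t;

/* Pull the code out of "... returned -0x2700"; 0 means no code on the line. */
unsigned parse_code(const char *line)
{
    const char *p = strstr(line, "returned -0x");   /* marker is 12 chars long */
    return p ? (unsigned)strtoul(p + 12, NULL, 16) : 0;
}

/* mbedTLS 2.x packs a high-level part (mask 0xFF80) and a low-level part
 * (mask 0x007F) into one negative value; the ranges below follow error.h. */
layer_t classify(unsigned code)
{
    unsigned high = code & 0xFF80u, low = code & 0x007Fu;
    if (code == 0) return L_NONE;
    if (high >= 0x2080 && high <= 0x2980) return L_X509;        /* X.509 module */
    if (high >= 0x6480 && high <= 0x7F80) return L_TLS;         /* SSL/TLS module */
    if (high == 0 && low >= 0x42 && low <= 0x52) return L_NET;  /* net_sockets */
    return L_OTHER;
}

const char *advice(unsigned code)
{
    if (code == 0x2700) /* MBEDTLS_ERR_X509_CERT_VERIFY_FAILED */
        return "chain not accepted: check that cert_pem is the CA that issued "
               "the broker's chain, CA expiry, device clock, broker hostname";
    switch (classify(code)) {
    case L_X509: return "certificate could not be parsed or used";
    case L_TLS:  return "TLS protocol failure (alert, version, ciphersuite, memory)";
    case L_NET:  return "socket-level failure before or during the handshake";
    case L_NONE: return "no mbedTLS code on this line";
    default:     return "other mbedTLS module; look the code up in error.h";
    }
}

int main(void)
{
    /* First line is from the post; the other two are constructed samples. */
    const char *log[] = {
        "E (20009090) esp-tls: mbedtls_ssl_handshake returned -0x2700",
        "E (1200) esp-tls: mbedtls_ssl_handshake returned -0x7780",
        "E (1300) esp-tls: mbedtls_ssl_handshake returned -0x0050",
    };
    for (size_t i = 0; i < sizeof log / sizeof log[0]; i++)
        printf("-0x%04X: %s\n", parse_code(log[i]), advice(parse_code(log[i])));
}
```
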
