By Ravi S Kashi
#50160 Hello All:
I am very new to SSL / TLS or internet technologies for that matter.

I have got MQTT working in ESP and am able to communicate with the mosquitto broker. Now, I want to enable SSL/TLS on this setup.

These are the changes I made.
1. Followed the instructions in 5A-ESP8266__SDK__SSL_User_Manual__EN_v1.1.pdf to generate the certificates and keys along with the header files for the same.
The only change is, I used the makefile.sh to generate the header files to include into my project.

2. Put the certificates and keys on the machine running mosquitto and configured my mosquitto.conf to point to the necessary certificates.
Code:
###############
## For TLS enabling
################

listener 8883

cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/localhost.crt
keyfile /etc/mosquitto/certs/localhost.key

3. In the ESP code, I changed the following.
Code:
In user_config.h
#define DEFAULT_SECURITY            SEC_SSL /* Changed to enable SSL during MQTT_Connect */

In user_main.c

void ICACHE_FLASH_ATTR wifiConnectCb(uint8_t status)
{
   if (status == STATION_GOT_IP)
   {
      struct ip_info ipConfig;

      /* Got IP, so disable the Configuration timer */
      os_timer_disarm(&devConfigTimer);

      wifi_get_ip_info(STATION_IF, &ipConfig);
      INFO("CONNECTED to: " IPSTR, IP2STR(&(ipConfig.gw)));
      /**
       * Set up the certificates
       */
      INFO("\n\r[0]: Setting up the default certificate");
      espconn_secure_set_default_certificate(default_certificate, default_certificate_len);
      espconn_secure_set_default_private_key(default_private_key, default_private_key_len);
      MQTT_Connect(&mqttClient);
   }
}

Due to this, in mqtt.c
void ICACHE_FLASH_ATTR
MQTT_Connect(MQTT_Client *mqttClient)
{
:
      if (mqttClient->security)
      {
         INFO("\n\rFree memory is: %u bytes", system_get_free_heap_size() );
         espconn_secure_connect(mqttClient->pCon);
         INFO("MQTT connect : Secure Connection\r\n");
      }
      else
      {
         espconn_connect(mqttClient->pCon);
         INFO("MQTT connect : Insecure Connection\r\n");
      }
}

But the issue I am facing is that when I corrupt the certificate bytes just to see if its authentication is working, the connection still goes on without any issue and I can send MQTT packets without any problem.
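
Added example (not part of the original post and not code from mosquitto or the ESP8266 SDK): a small audit of a mosquitto.conf that reports, per listener, whether TLS is enabled and whether the broker demands a client certificate. Mosquitto only requests and verifies a client certificate when `require_certificate true` is set on the listener, so with the listener configuration posted above the broker does not check the device's certificate. The names `audit_listeners` and `findings` and the two embedded configurations are constructed for illustration.

```python
"""Audit mosquitto.conf listeners for TLS and client-certificate enforcement."""

# Constructed sample: the TLS listener section from the post above.
POSTED_CONF = """\
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/localhost.crt
keyfile /etc/mosquitto/certs/localhost.key
"""

# Constructed sample: the same listener with client certificates enforced.
HARDENED_CONF = POSTED_CONF + "require_certificate true\n"


def audit_listeners(conf_text):
    """Return {port: {"tls": bool, "client_cert_required": bool}}."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "listener" and value:
            # Options that follow apply to this listener until the next one.
            current = listeners.setdefault(value.split()[0], {})
        elif current is not None:
            current[key] = value
    report = {}
    for port, opts in listeners.items():
        tls = "certfile" in opts and "keyfile" in opts
        # mosquitto defaults require_certificate to false.
        required = tls and opts.get("require_certificate", "false") == "true"
        report[port] = {"tls": tls, "client_cert_required": required}
    return report


def findings(conf_text):
    """Warnings for TLS listeners that never ask the client for a certificate."""
    return [
        f"listener {port}: TLS on, but no client certificate is requested"
        for port, r in audit_listeners(conf_text).items()
        if r["tls"] and not r["client_cert_required"]
    ]


if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_listeners(conf), findings(conf))
```
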