Adafruit_MQTT_Library with SSL client cert
Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.

by quarterturn on Thu Feb 28, 2019 11:35 pm

I'm hoping to use the Adafruit_MQTT_Library with an ESP8266 and Arduino and secure my MQTT connection with an SSL cert. This is working fine between mosquitto_sub via Python on a Linux instance, and mosquitto broker running on another Linux instance. I followed the guide here (http://www.steves-internet-guide.com/mosquitto-tls/) to create the self-signed client cert I am using.

Now, the Adafruit_MQTT_Library SSL example 'adafruitio_secure_esp8266.ino' doesn't use a client cert, just a SHA1 digest. I've generated an SHA1 digest of my client cert, but is that all I need - just use it in my code with what's already present on the broker side? Sorry, I'm not much of an SSL expert!

I'm hoping the digest is all I need. I'm kind of stuck between what's in the Arduino library and having to resort to micropython, which I think is going to have issues due to needing to use a 1MB flash standard RAM ESP8266 (it's a Sonoff Basic). I'm trying to keep to the Sonoff as it's a finished product and is relatively safe for wall current applications (vs something I could build myself).

Thanks!

quarterturn
 
Posts: 57
Joined: Mon Mar 23, 2015 11:05 pm
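
An added example, not part of the thread or of the Adafruit library: the SHA1 digest in adafruitio_secure_esp8266.ino is a hash over the DER encoding of a certificate, and in that sketch it pins the server's certificate. The Python helper below computes such a digest from a PEM file and compares it with a pinned value; the function names are hypothetical and the PEM body is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Matches every PEM block and captures its label and base64 body.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

# Constructed stand-in: the body decodes to b"abc", not to a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def cert_fingerprints(pem_text, algorithm="sha1"):
    """Return one colon-separated hex fingerprint per CERTIFICATE block."""
    prints = []
    for label, body in _PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" in label:
            # A key file was passed by mistake; never hash or print key material.
            raise ValueError("input contains a private key, expected certificates")
        if label != "CERTIFICATE":
            continue
        # The fingerprint is computed over the raw DER bytes, not the PEM text.
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.new(algorithm, der).hexdigest().upper()
        prints.append(":".join(digest[i:i + 2] for i in range(0, len(digest), 2)))
    if not prints:
        raise ValueError("no CERTIFICATE block found")
    return prints


def normalize_pin(pin):
    """Strip the separators (colons, spaces, dashes) used in pasted fingerprints."""
    hexchars = re.sub(r"[\s:\-]", "", pin).upper()
    if not re.fullmatch(r"[0-9A-F]+", hexchars) or len(hexchars) % 2:
        raise ValueError("pin is not a hex fingerprint")
    return hexchars


def matches_pin(pem_text, pin, algorithm="sha1"):
    """True if the first certificate in pem_text matches the pinned value."""
    first = normalize_pin(cert_fingerprints(pem_text, algorithm)[0])
    return hmac.compare_digest(first, normalize_pin(pin))


if __name__ == "__main__":
    print(cert_fingerprints(SAMPLE_PEM)[0])
```

Passing `algorithm="sha256"` gives the SHA-256 fingerprint of the same DER bytes.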

Re: Adafruit_MQTT_Library with SSL client cert

by brubell on Fri Mar 01, 2019 11:46 am

Try it with the SHA1 digest, and see if it has an issue with adafruitio_secure_esp8266.ino. This forum is for Adafruit IO support. If you're looking for support for using Adafruit MQTT without Adafruit IO, please file an issue on the GitHub repository for the library: https://github.com/adafruit/Adafruit_MQ ... ary/issues

brubell
 
Posts: 374
Joined: Fri Jul 17, 2015 10:33 pm

Re: Adafruit_MQTT_Library with SSL client cert

by quarterturn on Fri Mar 01, 2019 1:17 pm

I found a working code example: https://github.com/debsahu/ESP_MQTT_Secure

BTW it may look like a library but it is not, just drill down to the example using the mqtt library you prefer.

I found that the author's use of the #define compiler constant doesn't work with Arduino and PubSubClient.h. There is an arguments error at client.connect().

The mqtt_connect() function should look like this:
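// Uses globals declared elsewhere in the sketch: client (PubSubClient),
// now (time_t) and MQTT_SUB_TOPIC.
void mqtt_connect()
{
  // Retry until the broker accepts the connection.
  while (!client.connected()) {
    Serial.print("Time: ");
    Serial.print(ctime(&now));
    Serial.print("MQTT connecting ... ");
    // Random suffix so each connection attempt uses a distinct client ID.
    String clientId = "ESP8266Client-";
    clientId += String(random(0xffff), HEX);
    // Pass the ID as a C string; this is the connect() call that compiles.
    if (client.connect(clientId.c_str())) {
      Serial.println("connected.");
      client.subscribe(MQTT_SUB_TOPIC);
    } else {
      Serial.print("failed, status code =");
      Serial.print(client.state());
      Serial.println(". Try again in 5 seconds.");
      /* Wait 5 seconds before retrying */
      delay(5000);
    }
  }
}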


client.connect() works with a String type. The author is using PlatformIO, which apparently handles it a bit differently, but I don't have time to learn another IDE at the moment.

I hope this is helpful to someone wanting to follow one of the mosquitto SSL guides AND also get a ca.crt working with a Huzzah or other ESP8266 for MQTT.

quarterturn
 
Posts: 57
Joined: Mon Mar 23, 2015 11:05 pm
