
I've got a problem with sending data from NodeMCU to Raspberry Pi through MQTT with TLS.

Configuration

Raspberry Pi (with Minibian on board) runs a Mosquitto (version 1.4.11) broker. It is configured as follows:

allow_anonymous true

listener 8883
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/minibian.crt
keyfile /etc/mosquitto/minibian.key
require_certificate false

Certs are generated by generate-CA.sh from https://github.com/owntracks/tools/tree/master/TLS with SHA256 (I also tried MD5). Before generating the certs, the IPLIST (subject alternative names) environment variable was defined with the IP of the NodeMCU.

NodeMCU's firmware was built by cloud build service from master branch with MQTT and TLS support enabled.

Code

After code upload I type in the NodeMCU terminal dofile("cert.lua"). Below is the content of this file:

print (tls.cert.verify([[
-----BEGIN CERTIFICATE-----
cert here
-----END CERTIFICATE-----
]]))

It prints 'true'.

Then after reboot:

function connect_to_broker()
   print("Waiting for the broker")
   tls.cert.verify(true)
   m:connect(BROKER, BRPORT, 1, 1,
      function (client)
         print("Connected to MQTT:" .. BROKER .. ":" .. BRPORT .. " as " .. CLIENTID)
      end,
      handle_connection_error
   )
   m:on("offline", handle_broker_offline)
end

[...]

print "Connecting to MQTT broker. Please wait..."
m = mqtt.Client( CLIENTID, MQTT_KEEPALIVE, BRUSER, BRPWD)
connect_to_broker()

Result

Mosquitto prints:

1488542161: New connection from 192.168.0.101 on port 8883.
1488542162: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1488542162: Socket error on client <unknown>, disconnecting.

When I connect to the broker from my PC with the same cert with the following command, the connection is accepted by the broker and the message is delivered to the subscriber.

mosquitto_pub --cafile ca.crt -h 192.168.0.103 -p 8883 -t /test -m message

First, I did not set the IPLIST variable. Then I found out that I had an outdated Mosquitto (support for MQTT 3.1.1 is needed). Then I found that NodeMCU supports only a few signature algorithms, so I changed it to SHA256, as I know it is supported. Do you have any idea what is wrong with my code/configuration?

kjawsk
  • Did you ever find a solution to this? – Thomas Oct 03 '17 at 15:19
  • No and I left this project... have you the same problem? or similar? – kjawsk Oct 04 '17 at 19:17
  • Similar, except without MQTT, just regular HTTPS. It's a pain on NodeMCU, apparently. Since this is just a hobby project, I'm disabling cert verification for the time being. – Thomas Oct 05 '17 at 08:19
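
An added diagnostic sketch, not part of the original question and not code from the NodeMCU or Mosquitto projects: it reads the two certificate properties the question mentions (signature algorithm and subject alternative name IPs) with the openssl CLI. It assumes OpenSSL 1.1.1 or later; the certificate is a throwaway self-signed one constructed for the demo, the function names are hypothetical, and the two addresses are the broker address from the mosquitto_pub command and the connecting address from the Mosquitto log.

```shell
#!/bin/sh
# Added example. Assumes OpenSSL 1.1.1+ (for -addext); function names are hypothetical.

# Constructed sample: throwaway self-signed cert whose SAN holds one IP.
make_sample_cert() {   # $1 = output dir, $2 = IP to place in the SAN
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=broker.example" -addext "subjectAltName=IP:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Signature algorithm of the certificate, e.g. sha256WithRSAEncryption.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Public key size in bits (the label differs slightly between OpenSSL versions).
cert_keybits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# True only if a SAN iPAddress entry matches the address the client dials.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" |
        grep -q 'does match certificate'
}

audit_cert() {   # $1 = certificate file, $2 = address clients connect to
    echo "signature algorithm: $(cert_sigalg "$1")"
    echo "public key bits:     $(cert_keybits "$1")"
    if cert_covers_ip "$1" "$2"; then
        echo "SAN covers $2:  yes"
    else
        echo "SAN covers $2:  no"
    fi
}

# Needs a reachable broker, so it is defined but not called in this demo.
probe_broker() {   # $1 = host, $2 = port, $3 = CA file
    openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null |
        grep -E 'Cipher is|Verify return code'
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_sample_cert "$dir" 192.168.0.103
audit_cert "$dir/cert.pem" 192.168.0.103   # broker address from the question
audit_cert "$dir/cert.pem" 192.168.0.101   # address seen in the Mosquitto log
```

Against a real broker, point `audit_cert` at the `certfile` named in the Mosquitto configuration; a client that checks the server name compares the certificate with the address it connects to, so that is the address to pass as the second argument.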

0 Answers