
mqtt_connect error 45 when using secure transport

I have gotten mqtt_simple working with iot.eclipse.org:1883. I am now trying to adapt it to use TLS. From other questions I have made the following changes:

diff --git a/samples/nrf9160/mqtt_simple/src/main.c b/samples/nrf9160/mqtt_simple/src/main.c
index 779ee15..32afae5 100644
--- a/samples/nrf9160/mqtt_simple/src/main.c
+++ b/samples/nrf9160/mqtt_simple/src/main.c
@@ -288,7 +288,14 @@ static void client_init(struct mqtt_client *client)
     client->tx_buf_size = sizeof(tx_buffer);
 
     /* MQTT transport configuration */
-    client->transport.type = MQTT_TRANSPORT_NON_SECURE;
+    client->transport.type = MQTT_TRANSPORT_SECURE;
+    struct mqtt_sec_config *tls_config = &client->transport.tls.config;
+    tls_config->peer_verify = 0;
+    tls_config->cipher_list = 0;
+    tls_config->cipher_count = 0;
+    tls_config->sec_tag_list = 0;
+    tls_config->sec_tag_count = 0;
+    tls_config->hostname = CONFIG_MQTT_BROKER_HOSTNAME;
 }
 
 /**@brief Initialize the file descriptor structure used by poll.
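
Review bot: `tls_config->peer_verify = 0` together with `sec_tag_list = 0` and `sec_tag_count = 0` means the broker's certificate is never verified and no CA credential is referenced, so the session is encrypted but the peer is unauthenticated. The `hostname` set on the last added line only protects against impersonation once verification is enabled. For anything beyond a bring-up test, set `peer_verify` to 2 (the value the post also tried) and point `sec_tag_list` at an array of security tags under which the broker's CA certificate has been provisioned, with `sec_tag_count` set to match. Two smaller points: `cipher_list` and `sec_tag_list` are pointers, so `NULL` reads better than `0`, and the `tls_config` declaration sits after a statement; moving it to the top of `client_init()` keeps the function declaration-first.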

and set CONFIG_MQTT_LIB_TLS. When I try I get error -45 from mqtt_connect. I get the same if I set peer_verify = 2.

Software versions:

nrf c1939d963fe2c18013ffb8de0bd8f6fc1d91724d
modem 0.6.8-30
  • I am experiencing the same issue and the same errno returned. I have not seen TLS working correctly on this system since I ran the Asset Tracker demo back in December. It seems that many things in the SDK have been broken since then.

    First, as stated above everything is fine for non-secured transport.

    I am attempting to connect to AWS. The flow is:

    • Load certificates (CA, private, public) via the nrf_inbuilt functionality. All operations succeed
    • Connect to LTE succeeds
    • Set TLS parameters (peer_verify = 2), using the certificates I loaded
    • Traced the code all the way to where nrf_connect is called. I stepped through the assembly once it is called and can tell it is failing in the secure_client_socket call. After that is called it calls bsd_os_errno_set to set the errno to 45

    I am happy to share source code and the test certificates I am using...

    IDE: Segger Embedded Studio v4.14 (I have heard v4.16 is having issues so I have not upgraded yet)

    nrf version: v0.3.0 tag

    modem: 0.6.8-131.alpha

    device: tried it on both the nrf9160 DK and a custom board we built

  • I just tried building using the latest from master in the mcuboot, nrf, nrfxlib, and zephyr projects. There are too many errors to try to remedy when attempting this. If I need to be using newer code from the repos than 0.3.0, can you please call out the commit number for the repos?

    Thanks

  • Just double checking, are you aware of the changes in how to check everything out and build with "west" that happened after v0.3.0?  If not, you probably want to go back and read the Zephyr "Getting Started" page to figure out how to use it.

    https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/getting_started.html

    I was able to do a west update using the manifest in fw-nrfconnect-nrf as of commit ecc4ded86716fcf4b94e80efca450b3ddb4b7a26 and the asset_tracker application builds fine with a board type of nrf9160_pca10090ns.

  • Thanks. I was under the impression that SES 4.16 supported the latest based on the documentation I read online but I guess it does not yet.

    I will go the west route.

    Thanks for the pointer. Have you ever successfully got a TLS connection to AWS?

  • I think SES 4.16 can do everything once you have done a "west update" to get all the proper code revisions, but it just assumes you're already on the right repositories.

    I have done TLS connections to my MQTT broker running inside AWS, but I am terminating the TLS on the broker directly and not on an Amazon load balancer.  I also have peer_verify set to 0 and no keys/certs loaded on the nrf9160, so I currently have no guarantees against MITM, etc.
