How to use MQTT+TLS in nRF9160?

Question

I'm working on a project using nRF9160 DK.

How can you use MQTT+TLS in nRF9160?

Where should ca certificate file be stored?

I modified the code below in mqtt_simple project. What code should I modify additionaly?

<prj.conf>
CONFIG_MQTT_LIB_TLS=y

<main.c>

/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

        /* Add from here */
        static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
        /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
       client->transport.type = MQTT_TRANSPORT_SECURE;
       client->transport.tls.config.peer_verify = 0;
       client->transport.tls.config.cipher_count = 0;
       client->transport.tls.config.cipher_list = NULL;
       client->transport.tls.config.sec_tag_count = 0;
       client->transport.tls.config.seg_tag_list = NULL;
       client->transport.tls.config.hostname = NULL;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}

Yusuke · Accepted Answer

OK. Finally I solved this issue, but I don't really understand what's going on. Basically I started over nrf9160 setting following Get Started Assisstant. 
 1. Update library: brew upgrade 
 2. Choose ncs_tag of v1.0.0-rc3 
 3. Copy the original prj.conf file, open MQTT+TLS project by "Open nRF Connect SDK Project", and rebuild it instead of build . 
 4. Copy the prj.conf file that KentaM shows above. Change url and client id according to your AWS IoT core setting. Set a certificates.h in src folder. Modify main.c 
 5. O pen MQTT+TLS project again by "Open nRF Connect SDK Project", and rebuild it instead of build. 
 6. Connect J-Link and download the built Intel hex file to DK board util you don't see timeout error. It often causes timeout error in downloading. 
 7. Push reset button. 
 Thank you so much, KentaM!!

How to use MQTT+TLS in nRF9160?

Top Replies