
How to use MQTT+TLS in nRF9160?

I'm working on a project using nRF9160 DK.

How can you use MQTT+TLS in nRF9160?

Where should the CA certificate file be stored?

I modified the code below in the mqtt_simple project. What code should I modify additionally?

<prj.conf>
CONFIG_MQTT_LIB_TLS=y

<main.c>

/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

	/* Add from here */
	static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
	/* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */
	/* MODIFIED HERE */
#if defined(CONFIG_MQTT_LIB_TLS)
	client->transport.type = MQTT_TRANSPORT_SECURE;
	client->transport.tls.config.peer_verify = 0;
	client->transport.tls.config.cipher_count = 0;
	client->transport.tls.config.cipher_list = NULL;
	client->transport.tls.config.sec_tag_count = 0;
	client->transport.tls.config.seg_tag_list = NULL;
	client->transport.tls.config.hostname = NULL;
#else
	client->transport.type = MQTT_TRANSPORT_NON_SECURE;
#endif
}
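
The transport block in the question turns TLS on but sets peer_verify to 0, lists no security tags and gives no hostname, so the broker's certificate is never checked. As an added example (not part of the original post or the Nordic sample), the C below audits those three fields and shows a verifying configuration beside the posted one; struct tls_cfg is a stand-in type so it builds without the SDK headers, with field names copied from the post, and broker.example.com is a placeholder hostname.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the client->transport.tls.config fields set in the post,
 * so the example builds without the SDK headers (assumption, not SDK code). */
typedef int sec_tag_t;
struct tls_cfg {
	int peer_verify;         /* 0 = none, 1 = optional, 2 = required */
	uint32_t sec_tag_count;
	sec_tag_t *seg_tag_list; /* field name as written in the post */
	const char *hostname;
};

enum { TLS_NO_VERIFY = 1, TLS_NO_CA_TAG = 2, TLS_NO_HOSTNAME = 4 };

/* Bitmask of settings that leave the broker unauthenticated; 0 means none. */
int tls_cfg_audit(const struct tls_cfg *c)
{
	int findings = 0;
	if (c->peer_verify != 2)
		findings |= TLS_NO_VERIFY;   /* bad certificate does not abort */
	if (c->sec_tag_count == 0 || c->seg_tag_list == NULL)
		findings |= TLS_NO_CA_TAG;   /* no CA credential selected */
	if (c->hostname == NULL || c->hostname[0] == '\0')
		findings |= TLS_NO_HOSTNAME; /* certificate name is not matched */
	return findings;
}

/* The values posted in the question: everything zero or NULL. */
struct tls_cfg posted_cfg(void)
{
	return (struct tls_cfg){ 0 };
}

/* Verifying variant: the tag is CONFIG_SEC_TAG from the thread's prj.conf,
 * the hostname is a placeholder for CONFIG_MQTT_BROKER_HOSTNAME. */
static sec_tag_t sec_tags[] = { 16842753 };
struct tls_cfg verified_cfg(void)
{
	return (struct tls_cfg){ .peer_verify = 2, .sec_tag_count = 1,
		.seg_tag_list = sec_tags, .hostname = "broker.example.com" };
}

int main(void)
{
	struct tls_cfg a = posted_cfg(), b = verified_cfg();
	printf("posted=%d verified=%d\n", tls_cfg_audit(&a), tls_cfg_audit(&b));
	return 0;
}
```

The audit only checks that a tag is listed; the CA certificate still has to be written to that security tag on the modem before the handshake can verify anything.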

  • Hello, KentaM!

    CONFIG_SEC_TAG may be set to a wrong value, which may be causing the error. How did you decide the value? A random value?

  • I used GitHub's prj.conf, which Hakon taught me, almost as it is.

    It looks like an error with CA_CERTIFICATE, but is the CA certificate correct?

    https://github.com/joakimtoe/fw-nrfconnect-nrf/blob/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa/samples/nrf9160/mqtt_simple_tls/prj.conf

    By the way, I do not understand the meaning of CONFIG_SEC_TAG ... (tell me ...)

  • About certificates, I downloaded three files from AWS IoT:
    - Amazon_Root_CA_1.pem (CA crt)
    - xxxxxx-certificate.pem.crt (client crt, not public key)
    - yyyyyy-private.pem.key (client private key)

    I overwrote the certificates.h in the src folder according to them.

    The following message indicates that deleting the builtin certificate files was not successful. So I don't think AWS certificate files are related to this issue.

    nrf_inbuilt_key_delete(16842753, 1) => result=14

    Could you show me the content of the prj.conf again if possible? mqtt_simple prj.conf sets a value in CONFIG_SEC_TAG while mqtt_simple_tls project prj.conf sets a value in CONFIG_MQTT_TLS_SEC_TAG.

  • prj.conf

    # General config
    CONFIG_TEST_RANDOM_GENERATOR=y
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    
    # BSD library
    CONFIG_BSD_LIBRARY=y
    
    # AT Host
    CONFIG_UART_INTERRUPT_DRIVEN=y
    CONFIG_AT_HOST_LIBRARY=y
    #CONFIG_SPM=n
    
    # MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    
    # Application
    #CONFIG_MQTT_PUB_TOPIC="/my/publish/topic"
    #CONFIG_MQTT_SUB_TOPIC="/my/subscribe/topic"
    #CONFIG_MQTT_CLIENT_ID="my-client-id"
    #CONFIG_MQTT_BROKER_HOSTNAME="iot.eclipse.org"
    #CONFIG_MQTT_BROKER_PORT=1883
    
    CONFIG_MQTT_PUB_TOPIC="myTopic/publish"
    CONFIG_MQTT_SUB_TOPIC="myTopic/subscribe"
    CONFIG_MQTT_CLIENT_ID="nRF9160-DK"
    CONFIG_MQTT_BROKER_HOSTNAME="a544w27l82h92-ats.iot.us-east-1.amazonaws.com"
    CONFIG_MQTT_BROKER_PORT=8883
    
    CONFIG_SEC_TAG=16842753
    
    CONFIG_PROVISION_CERTIFICATES=y
    CONFIG_CERTIFICATES_FILE="certificates.h"
    
    # Main thread
    CONFIG_MAIN_THREAD_PRIORITY=7
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_HEAP_MEM_POOL_SIZE=1024
    
    CONFIG_NO_OPTIMIZATIONS=y
    

    By the way, I will do a study session, will you come?
    Saturday.

    atnd.org/.../106150

  • I can't solve the above issue yet.
    I tried a project, which KentaM uses successfully, with two different 0.8.2 DK boards, and they throw the same error. He gave me all the project files, including certificates.h, through private message and I used them. The project should be exactly the same.

    During nrf_inbuilt_key_delete, the project throws an error (14), "Bad Address."

    SPM: NS image at 0x8000
    SPM: NS MSP at 0x200240d8
    SPM: NS reset vector at 0xb609
    SPM: prepare to jump to Non-Secure image.
    ***** Booting Zephyr OS v1.14.99-ncs1 *****
    The MQTT simple sample started
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 0) => result=2
    Deleting certs sec_tag: 16842753
    ***** BUS FAULT *****
      Precise data bus error
      BFAR Address: 0x2800460d
    ***** Hardware exception *****
    Current thread ID = 0x200203fc
    Faulting instruction address = 0x1682c
    Fatal fault in thread 0x200203fc! Aborting.
    nrf_inbuilt_key_delete(16842753, 1) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 2) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 3) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 4) => result=14
    Write ca certs sec_tag: 16842753
    CA_CERTIFICATE err: 14
    LTE Link Connecting ...
    LTE Link Connected!
    ERROR: getaddrinfo failed 22
    ERROR: mqtt_connect -47

    I'm sure the firmware is the latest one, 0.7.0-29.alpha.
    ncs_tag is v0.4.0

    The mqtt_simple project, which doesn't include TLS, works fine. However, when it includes the TLS procedure, it throws the error.

    Any help?
