This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF9160 Using MQTT with TLS

Hi everyone,

I am looking at using MQTT v3.1.1 with TLS 1.2, to send data to Azure IoT Hub.

I tested the MQTT Simple sample and it worked perfeclty. So I am modifying this project to enable TLS. To do so I followed those threads:

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/enabling-and-testing-tls-in-mqtt_5f00_simple

https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa#diff-607096fd76f1fd14e4c9453aa1dc8fd3

https://devzone.nordicsemi.com/f/nordic-q-a/44921/nrf9160-tls-and-mqtt

https://devzone.nordicsemi.com/f/nordic-q-a/49339/implementing-tls-with-mqtt-in-nrf9160

Right now I am able to create the TLS socket but I am stucked at the next step which is the connection step. 

When defining  tls_config->peer_verify = 2; I got back ERROR: mqtt_connect -45.

And when I define it to 0 or 1 there is no response, as if the nRF9160 is stucked somewhere.

My log is the following for peer_verify=2. It is the same for 0/1, but without the error code.

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
00> ***** Booting Zephyr OS build v2.0.99-ncs1 *****
00>
00> The MQTT simple sample started
00>
00> Deleting certs sec_tag: 2
00>
00> nrf_inbuilt_key_delete(2, 0) => result=0
00>
00> Deleting certs sec_tag: 2
00>
00> nrf_inbuilt_key_delete(2, 1) => result=0
00>
00> Deleting certs sec_tag: 2
00>
00> nrf_inbuilt_key_delete(2, 2) => result=0
00>
00> Deleting certs sec_tag: 2
00>
00> nrf_inbuilt_key_delete(2, 3) => result=2
00>
00> Deleting certs sec_tag: 2
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

It has to be noted that the certificates I used are working in an application on my computer. They are placed here in certificates.h and are using the right formatting.

In my project folder, my prof.conf file is the following:

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
# Copyright (c) 2019 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic
#
# General config
CONFIG_PRINTK=y
CONFIG_CONSOLE=y
CONFIG_LOG=y
CONFIG_SERIAL=y
CONFIG_STDOUT_CONSOLE=y
CONFIG_UART_CONSOLE=n
CONFIG_RTT_CONSOLE=y
CONFIG_HAS_SEGGER_RTT=y
CONFIG_USE_SEGGER_RTT=y
# Random Generator
CONFIG_TEST_RANDOM_GENERATOR=y
# Networking
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The Kconfig file there is the following:

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
# Copyright (c) 2018 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic
#
menu "MQTT simple sample"
config PROVISION_CERTIFICATES
bool "Provision of certificate"
help
Enable run-time provisioning of certificates from the
certificates header file selected by using CERTIFICATES_FILE
config CERTIFICATES_FILE
string "Certificates to use"
depends on PROVISION_CERTIFICATES
default "certificates.h"
config SEC_TAG
int "Security tag to use for the connection"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

And the main.c is :

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
/*
* Copyright (c) 2018 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic
*/
#include <zephyr.h>
#include <stdio.h>
#include <uart.h>
#include <string.h>
#include <net/mqtt.h>
#include <net/socket.h>
#include <lte_lc.h>
#include <certificates.h>
#if defined(CONFIG_BSD_LIBRARY)
#include "nrf_inbuilt_key.h"
#endif
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Looking at errno.h, I understand the error -45 as "Operation not supported on socket".

But which operation is not supported ?

How can I fix this ? And why is it hanging out when I use peer-verify=0 or 1 ?

Thank you in advance