TLS handshake in aws_iot_connect() function

Hi,

Currently we are working on a project that uses:

  • nRF9160
  • Zephyr OS
  • Segger Embedded Studio for Arm (Nordic Edition) V4.52
  • SDK v1.3
  • CONFIG_MQTT_LIB_TLS

nRF Connect SDK - AWS IoT mentions that the TLS handshake is performed in the aws_iot_connect() function, specifically in the following note:

After a thorough review we have not found where the TLS handshake is done. We think the TLS handshake is done in some of these functions (zephyr\subsys\net\lib\mqtt\mqtt.c):

  • mqtt_transport_connect(client);
  • connect_request_encode(client, &packet);
  • mqtt_transport_write(client, packet.cur, packet.end - packet.cur);

Could someone from your team tell us where the TLS handshake is inside aws_iot_connect()?

Thanks a lot,

René D.

  • Hi,

    aws_iot_connect() calls mqtt_connect() which calls client_connect() which calls mqtt_transport_connect().

    mqtt_transport_connect() calls transport_fn[client->transport.type].connect(). The MQTT library supports three transport layers, TCP, TLS and websockets. Each of the transports has defined a struct, filled with transport specific functions, and placed those structs in the transport_fn array. This way, the MQTT library can use a single interface for both transports.

    As you are using TLS, mqtt_transport_connect() will call mqtt_client_tls_connect() in mqtt_transport_socket_tls.c. In mqtt_client_tls_connect(), you will see the socket being created, and the relevant socket options being set. In the end, mqtt_client_tls_connect() calls connect().

    The call to connect() will go through Zephyr's socket offloading layer (you are free to explore the details of this yourself), and end up in nrf91_socket_offload_connect() in nrf/lib/bsdlib/nrf91_socket.c. Here, we convert from Zephyr's sockets to bsdlib's nrf_sockets. The call to connect() ends up converted to a call to nrf_connect().

    nrf_connect() is implemented in bsdlib, which is only distributed as a pre-compiled library, so our exploration ends here. However, bsdlib will forward the function call to the modem, which is where the TLS stack resides.

    In short, the call to aws_iot_connect() will go through a lot of intermediate functions, before ending up in the modem, which is where the magic happens.

    Best regards,

    Didrik
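
Added example (not part of the original thread, and not Zephyr or Nordic source): a simplified, host-runnable C model of the dispatch described in the answer above, showing that the transport type selects the connect function, that the TLS options are set before connect(), and that the handshake runs inside that connect() call. Every model_* name, the trace log and the failure rule (peer verification required but no credential tag configured) are assumptions made for illustration.

```c
/* Host-side model of the call chain above; NOT Zephyr or Nordic source.
 * The model_* names, trace log and failure rule are assumptions. */
#include <stdio.h>
#include <string.h>
enum transport_type { TRANSPORT_NON_SECURE, TRANSPORT_SECURE, TRANSPORT_COUNT };
struct client { enum transport_type type; int peer_verify; int sec_tag; };
static char trace[128];                 /* records the order of the calls */

static void log_step(const char *s)
{
    snprintf(trace + strlen(trace), sizeof trace - strlen(trace), "%s;", s);
}

static int model_tcp_connect(struct client *c)
{
    (void)c;
    log_step("socket(tcp)");
    log_step("connect");
    return 0;
}

static int model_tls_connect(struct client *c)
{
    log_step("socket(tls)");
    log_step("setsockopt(tls options)");   /* must happen before connect() */
    log_step("connect+tls_handshake");     /* handshake runs inside connect() */
    /* Assumed rule: verify required but no credential tag -> connect() fails. */
    return (c->peer_verify && c->sec_tag < 0) ? -1 : 0;
}

/* One struct of function pointers per transport, indexed by client type. */
struct model_transport { int (*connect)(struct client *); };
static const struct model_transport transport_fn[TRANSPORT_COUNT] = {
    [TRANSPORT_NON_SECURE] = { model_tcp_connect },
    [TRANSPORT_SECURE]     = { model_tls_connect },
};

static int model_transport_connect(struct client *c)
{
    trace[0] = '\0';
    return transport_fn[c->type].connect(c);
}

int main(void)
{
    struct client c = { TRANSPORT_SECURE, 1, 42 };   /* constructed sample */
    printf("rc=%d trace=%s\n", model_transport_connect(&c), trace);
    return 0;
}
```

In this model a failed handshake is visible to the caller only as the error returned from the connect step, so the return value has to be checked at that point.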

  • Hello, thanks for your answer, it describes the calls to the functions very well. But it does not mention anything related to the TLS handshake, therefore it is not answering my question.

    What we want to know is:

    Where is the TLS handshake done that is mentioned in the note that I pasted in my previous comment? The notes are in the Nordic Wiki; for that reason I am asking your team.

    Best Regards,

    René D.
