• State Verified Answer
  • Replies 5 replies
  • Subscribers 63 subscribers
  • Views 1244 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 257761
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

TLS handshake in aws_iot_connect() function

ReneDelgado

Hi,

Currently we working on a project that uses:

  • nRF9160
  •  Zyphre OS
  •  Segger Embedded Studio for  Arm (Nordic Edition) V4.52
  •  SDK v1.3
  • CONFIG_MQTT_LIB_TLS

In  nRF Connect SDK - AWS IoT  it mentions that the TLS handshake is performed in the aws_iot_connect() function, specifically in the following note:

After a thorough review we have not found where the TLS handshake is do it, We think the TLS handshake is doing in some of these functions (zephyr\subsys\net\lib\mqtt\mqtt.c):

  • mqtt_transport_connect(client);
  • connect_request_encode(client, &packet);
  • mqtt_transport_write(client, packet.cur,packet.end - packet.cur);

Could someone from your team tell us where is the TLS handshake inside the aws_iot_connect() ?

Thanks a lot,

René D.

Parents
  • 0

    Hi,

    aws_iot_connect() calls mqtt_connect() which calls client_connect() which calls mqtt_transport_connect().

    mqtt_transport_connect() calls transport_fn[client->transport.type].connect(). The MQTT library supports three transport layers, TCP, TLS and websockets. Each of the transports has defined a struct, filled with transport specific functions, and placed those structs in the transport_fn array. This way, the MQTT library can use a single interface for both transports.

    As you are using TLS, mqtt_transport_connect() will call mqtt_client_tls_connect() in mqtt_transport_socket_tls.c. In mqtt_client_tls_connect(), you will see the socket be created, and the relevant socket options being set. In the end, mqtt_client_tls_connect() calls connect().

    The call to connect() will go through Zephyr's socket offloading layer (you are free to explore the details of this yourself), and end up nrf91_socket_offload_connect() in nrf/lib/bsdlib/nrf91_socket.c. Here, we convert from Zephyr's sockets, to bsdlib's nrf_sockets. The call to connect() ends up converted to a call to nrf_connect().

    nrf_connect() is implemented in bsdlib, which is only distributed as a pre-compiled library, so our exploration ends here. However, bsdlib will forward the function call to the modem, which is where the TLS stack resides.

    In short, the call to aws_iot_connect() will go through a lot of intermediate functions, before ending up in the modem, which is where the magic happens.

    Best regards,

    Didrik

  • 0 in reply to Didrik Rokhaug

    Hello, thanks for your answer, it describes very well the calls to the functions. But It not mentioning anything related to TLS Handshake therefore I am not answering my question.

    What we want to know is:

    Where is the TLS Hanshake done, mentioned in the note that I pasted in my previous comment? The notes are in the Nordic Wiki for that reason I question to your Team.

    Best Regards,

    René D.

  • 0 in reply to ReneDelgado

    The TLS stack is in the modem, so the modem will handle the TLS handshake.

    Why do you want to know where the TLS handshake happens?

Reply Children
Related