I am using v2.0.0 (zephyr v3.0.99-ncs1) on an nrf9160dk.
I am trying to work around the modem library 2k TLS limit with the modem referenced in this comment:
RE: Asset_tracker_v2 disconnect from AWS when shadow data is more than 2k
The issue comes up when I try to use fleet provisioning on AWS IoT. The call to $aws/certificates/create/json to create a certificate returns the certificates on $aws/certificates/create/json/accepted, which is about 3600 bytes of JSON data. The result is that the socket immediately disconnects with an error of -122 (EMSGSIZE). I tested with another topic, and packets < 2k are fine, but anything roughly larger than that results in the error and a disconnect. The preference is to not have to solve this using a lambda to break apart the response message.
This led me to reading up on using the offloaded sockets with native TLS.
I added the contents of overlay-native_tls.conf from serial_lte_modem to my build to make sure mbed_tls is compiled in with the proper config. I added
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096
I noticed the set_native_tls flag on struct mqtt_sec_config, which ends up adding SOCK_NATIVE_TLS to the flags in the socket() call. When I enable that, the call to mqtt_connect returns -22 (EINVAL). I traced it down to the zsock_connect() call in mqtt_client_tls_connect() in mqtt_transport_socket_tls.c.
Leaving set_native_tls set to false will create the socket connection, but it doesn't appear to use native TLS.
I am at a bit of a loss on how to proceed from here. I noticed in the https_client sample that it creates the sockets in the application itself. I have been assuming that I could just use the Zephyr mqtt client library as-is and configure TLS using CONFIG options paired with the set_native_tls flag to just change lower-level socket operations. Is that a bad assumption?
Is there a definitive guide somewhere to using native TLS with offloaded sockets?
Thank you.