Closed
Description
Platform
- Hardware: ESP8266 Wemos D1 mini
Settings in IDE
- Module: Wemos D1 mini
- Flash Size: 4MB
- CPU Frequency: 80MHz
- Upload Using: SERIAL
- Upload Speed: 115200
Problem Description
I'm trying to make a secure connection using TLS through the WiFiClientSecure library (with the WiFiClient library it works perfectly). The certificate exchange is done without problems, but the connection never succeeds. In the mosquitto broker I see the following:
- New connection from 10.228.54.79 on port 8883.
and some seconds after...
- Socket error on client <unknown>, disconnecting.
I don't know why the ESP8266 verifies the broker but then, after a few seconds, aborts.
mosquitto.conf:
allow_anonymous false
password_file /etc/mosquitto/conf.d/passwd
listener 8883
cafile /etc/mosquitto/conf.d/Certificates/mqtt_ca.crt
certfile /etc/mosquitto/conf.d/Certificates/mqtt_server.crt
keyfile /etc/mosquitto/conf.d/Certificates/mqtt_server.key
# After loading the certificates
require_certificate true
tls_version tlsv1
I generated the certificates following this procedure:
1) Generate a CA certificate and key
sudo openssl req -new -x509 -days 3650 -extensions v3_ca -keyout mqtt_ca.key -out mqtt_ca.crt
2) Generate a server key
sudo openssl genrsa -out mqtt_server.key 2048
3) Generate a certificate signing request to send to the CA
sudo openssl req -out mqtt_server.csr -key mqtt_server.key -new
4) Send the CSR to the CA, or sign it with your CA key
sudo openssl x509 -req -in mqtt_server.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_server.crt -days 3650
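The four steps above carried through end to end, as an added example written for this page (not the issue author's commands, and not part of the ESP8266 core or of mosquitto). It assumes the broker hostname mqtt.example.test, an output directory given on the command line, and the file names mqtt_ca.*, mqtt_server.* and mqtt_caCert.der (the name the sketch opens on SPIFFS). Beyond the four steps it adds what the sketch and the broker need next: a subjectAltName so hostname verification has something to match (the CN-only certificate the steps produce has no SAN), pathlen:0 on the CA, a DER export of the CA for SPIFFS, the SHA-1 fingerprint in the space-separated form client.verify() takes, and a listener config that pins TLS 1.2 instead of TLS 1.0 (mosquitto's tls_version allows exactly the version named) and uses '#' comments, since a '//' comment is not valid mosquitto.conf syntax. It leaves require_certificate off because the sketch on this page loads a CA but no client certificate or key.

```shell
#!/bin/sh
# Added example, not from the issue: build a private CA and a broker certificate
# for mosquitto, export the CA as the DER file the sketch loads from SPIFFS,
# print the SHA-1 fingerprint for client.verify(), and write a listener config.
# Output directory, hostname and file names are assumptions.
set -e

# gen_mqtt_pki <outdir> <broker-hostname>
gen_mqtt_pki() {
  dir="$1"; host="$2"
  mkdir -p "$dir"

  # Minimal OpenSSL configs: non-interactive and independent of the system
  # openssl.cnf. v3_server carries the SAN that hostname checks match against;
  # the CN-only certificate from the four steps above has none.
  cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = CAMqtt
[ v3_ca ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  cat > "$dir/server.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $host
[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF

  # 1) CA key and self-signed CA certificate (pathlen:0: it may only sign leaves)
  openssl genrsa -out "$dir/mqtt_ca.key" 2048 2>/dev/null
  openssl req -new -x509 -days 3650 -config "$dir/ca.cnf" -extensions v3_ca \
    -key "$dir/mqtt_ca.key" -out "$dir/mqtt_ca.crt"

  # 2) broker key, 3) CSR, 4) sign it with the CA, attaching the v3_server extensions
  openssl genrsa -out "$dir/mqtt_server.key" 2048 2>/dev/null
  openssl req -new -config "$dir/server.cnf" \
    -key "$dir/mqtt_server.key" -out "$dir/mqtt_server.csr"
  openssl x509 -req -days 3650 -in "$dir/mqtt_server.csr" \
    -CA "$dir/mqtt_ca.crt" -CAkey "$dir/mqtt_ca.key" -CAcreateserial \
    -extfile "$dir/server.cnf" -extensions v3_server \
    -out "$dir/mqtt_server.crt" 2>/dev/null

  # 5) DER copy of the CA certificate, under the name the sketch opens on SPIFFS
  openssl x509 -in "$dir/mqtt_ca.crt" -outform DER -out "$dir/mqtt_caCert.der"

  # Validate the chain locally before involving the broker or the ESP8266
  openssl verify -CAfile "$dir/mqtt_ca.crt" "$dir/mqtt_server.crt" >/dev/null
}

# cert_fingerprint <cert.pem>: SHA-1 fingerprint as "AA BB CC ..." (20 bytes,
# space separated), the form the ESP8266 WiFiClientSecure examples pin
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/:/ /g'
}

# write_listener_conf <outdir>: mosquitto listener stanza for the files above.
# Unlike the conf on this page it pins TLS 1.2 (tls_version allows exactly the
# version named, and TLS 1.0 is deprecated) and uses '#' comments, the only
# comment syntax mosquitto.conf accepts.
write_listener_conf() {
  out=$(cd "$1" && pwd)
  cat > "$out/mosquitto-tls.conf" <<EOF
allow_anonymous false
password_file /etc/mosquitto/conf.d/passwd
listener 8883
cafile $out/mqtt_ca.crt
certfile $out/mqtt_server.crt
keyfile $out/mqtt_server.key
tls_version tlsv1.2
# require_certificate true would demand a client certificate as well; the sketch
# on this page loads only the CA, so keep it off until the client has a cert/key
require_certificate false
EOF
}

# Usage: sh mqtt_pki.sh <outdir> <broker-hostname>
if [ "$#" -ge 2 ]; then
  gen_mqtt_pki "$1" "$2"
  write_listener_conf "$1"
  echo "Copy $1/mqtt_caCert.der to SPIFFS and pin this fingerprint in the sketch:"
  cert_fingerprint "$1/mqtt_server.crt"
fi
```

Run it as `sh mqtt_pki.sh /etc/mosquitto/conf.d/Certificates ESZARASSRVIOT001.eu.net` (hostname from the debug output below), upload mqtt_caCert.der to SPIFFS, paste the printed fingerprint into the sketch, and drop mosquitto-tls.conf into the broker's conf.d. The chain is verified with `openssl verify` before anything reaches the ESP8266, so a broken CA or a mismatched key shows up on the workstation rather than as a silent handshake abort on the device.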
Sketch
#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <FS.h>
#include "Adafruit_MQTT.h"
#include "Adafruit_MQTT_Client.h"

// Network and broker settings. SSID and server name come from the debug output
// below; the Wi-Fi password, MQTT credentials and fingerprint are not in the
// post and are placeholders that must be filled in.
#define WLAN_SSID      "SHOPFLOOR2"
#define WLAN_PASS      "<wifi password>"
#define AIO_SERVER     "ESZARASSRVIOT001.eu.net"
#define AIO_SERVERPORT 8883
#define AIO_USERNAME   "<mqtt username>"
#define AIO_KEY        "<mqtt password from the broker's password_file>"
// SHA-1 fingerprint of mqtt_server.crt as "AA BB CC ..." (20 bytes, space separated)
const char* fingerprint = "<SHA-1 fingerprint of mqtt_server.crt>";

const uint8_t buttonPin3 = D3;
const uint8_t buttonPin4 = D4;
volatile bool pushed3 = false;
volatile bool pushed4 = false;
unsigned long firstTime3 = 0;

WiFiClientSecure client;
Adafruit_MQTT_Client mqtt(&client, AIO_SERVER, AIO_SERVERPORT, AIO_USERNAME, AIO_KEY);

// Button ISRs (not included in the post): they only set a flag and live in IRAM
void ICACHE_RAM_ATTR push3() { pushed3 = true; }
void ICACHE_RAM_ATTR push4() { pushed4 = true; }

void verifyFingerprint();

void setup() {
  Serial.begin(115200);
  Serial.setDebugOutput(true);
  delay(10);

  // initialize the pushbutton pins as inputs:
  pinMode(buttonPin3, INPUT_PULLUP);
  attachInterrupt(buttonPin3, push3, FALLING);
  pinMode(buttonPin4, INPUT_PULLUP);
  attachInterrupt(buttonPin4, push4, FALLING);

  // Connect to WiFi access point.
  Serial.println(); Serial.println();
  Serial.print("Connecting to ");
  Serial.println(WLAN_SSID);
  WiFi.begin(WLAN_SSID, WLAN_PASS);
  delay(2000);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println();
  Serial.println("WiFi connected");
  Serial.println("IP address: "); Serial.println(WiFi.localIP());

  SPIFFS.begin();
  // Load the CA certificate (DER) from SPIFFS; the File is closed when setup() returns
  File ca = SPIFFS.open("/mqtt_caCert.der", "r");
  if (!ca) {
    Serial.println("Failed to open ca file");
  } else {
    Serial.println("Success to open ca file");
  }
  if (client.loadCACert(ca, ca.size())) {
    Serial.println("loaded");
  } else {
    Serial.println("not loaded");
  }
  firstTime3 = millis();

  // Setup MQTT will to set on/off to "0" when we disconnect
  mqtt.will(AIO_USERNAME "/feeds/0003/onoff", "0", 1, 0); // topic, message, qos, retain
  verifyFingerprint();
}

void loop() {
}

// Open the TLS connection and pin the broker certificate's SHA-1 fingerprint
void verifyFingerprint() {
  const char* host = AIO_SERVER;
  Serial.print("Connecting to ");
  Serial.println(host);
  if (!client.connect(host, AIO_SERVERPORT)) {
    Serial.println("Connection failed. Halting execution.");
    while (true) delay(1000); // halt without tripping the software watchdog
  }
  if (client.verify(fingerprint, host)) {
    Serial.println("Connection secure.");
  } else {
    Serial.println("Connection insecure! Halting execution.");
    while (true) delay(1000);
  }
}
Debug Messages
Connecting to SHOPFLOOR2
connected with SHOPFLOOR2, channel 6
dhcp client start...
ip:10.228.54.79,mask:255.255.255.0,gw:10.228.54.1
WiFi connected
IP address:
10.228.54.79
SPIFFSImpl: allocating 512+240+1400=2152 bytes
SPIFFSImpl: mounting fs @100000, size=2fb000, block=2000, page=100
SPIFFSImpl: mount rc=0
Success to open ca file
=== CERTIFICATE ISSUED TO ===
Common Name (CN): CAMqtt
Organization (O):
Organizational Unit (OU): IT
Location (L): Zaragoza
Country (C): ES
State (ST): Zaragoza
Basic Constraints: CA:TRUE, pathlen:10000
=== CERTIFICATE ISSUED BY ===
Common Name (CN): CAMqtt
Organization (O):
Organizational Unit (OU): IT
Location (L): Zaragoza
Country (C): ES
State (ST): Zaragoza
Not Before: Fri Mar 16 10:18:32 2018
Not After: Mon Mar 13 10:18:32 2028
RSA bitsize: 2048
Sig Type: SHA256
loaded
Connecting to ESZARASSRVIOT001.eu.net
[hostByName] request IP for: ESZARASSRVIOT001.eu.net
[hostByName] Host: ESZARASSRVIOT001.eu.net IP: 10.228.48.94
State: sending Client Hello (1)
State: receiving Server Hello (2)
State: receiving Certificate (11)
=== CERTIFICATE ISSUED TO ===
Common Name (CN): ESZARASSRVIOT001.eu.net
Organization (O):
Organizational Unit (OU): IT
Location (L): Zaragoza
Country (C): ES
State (ST): Zaragoza
=== CERTIFICATE ISSUED BY ===
Common Name (CN): CAMqtt
Organization (O):
Organizational Unit (OU): IT
Location (L): Zaragoza
Country (C): ES
State (ST): Zaragoza
Not Before: Fri Mar 16 10:21:45 2018
Not After: Mon Mar 13 10:21:45 2028
RSA bitsize: 2048
Sig Type: SHA256
=== CERTIFICATE ISSUED TO ===
Common Name (CN): CAMqtt
Organization (O):
Organizational Unit (OU): IT
Location (L): Zaragoza
Country (C): ES
State (ST): Zaragoza
Basic Constraints: CA:TRUE, pathlen:10000
=== CERTIFICATE ISSUED BY ===
Common Name (CN): CAMqtt
Organization (O):
Organizational Unit (OU): IT
Location (L): Zaragoza
Country (C): ES
State (ST): Zaragoza
Not Before: Fri Mar 16 10:18:32 2018
Not After: Mon Mar 13 10:18:32 2028
RSA bitsize: 2048
Sig Type: SHA256
State: receiving Server Hello Done (14)
State: sending Client Key Exchange (16)
State: sending Finished (16)
State: receiving Finished (16)
domain name: 'ESZARASSRVIOT001.eu.net
Connection secure.
SPIFFS_close: fd=1
:abort
Thanks in advance. I've tried everything and have been stuck on this for a week.
Metadata
Assignees
Labels
No labels