Using SSL security with MQTT protocol

Anonymous
Not applicable

Hello Team,

We are using Wiced SDK 3.3.1.  We want to use SSL security while communicating over MQTT.  Can you please provide a sample code of using SSL security with MQTT protocol?

Thanks and Regards,

Amit

0 Likes
3 Replies
Anonymous
Not applicable

adahiya

Hi, any progress on this issue?

/Steve

0 Likes

Refer to WICED SDK supporting Amazon Web Services 3.4.0-AWS

This has a sample application over TLS 1.2. We do not have an example using SSL, and support for SSL is deprecated in our SDK.


Thanks,

vik86

0 Likes
chli_2118906
Level 3

The answer to this question for the now deprecated library is pretty basic.  I've noticed a couple of problems with the old library, but currently no show stoppers.  First, it is necessary to fix three lines of code in "MQTTWiced.c".  In functions "wiced_mqtt_connect", "wiced_mqtt_subscribe" and "wiced_mqtt_publish", modify the return line to:  "return ( rc == MQTT_FAILURE ) ? WICED_ERROR : WICED_SUCCESS;".  In function "wiced_read" change the last statement from "return result;" to "return -1;"  This fixes another problem.

This fixes a logic issue.  In "wicked_lib.c" modify the very last statement from "return -1;" to "return error;".  This fixes a logic error in that code.

Finally, the following code works perfectly with my MQTT server with a self-signed CA certificate.  I need to point out that this code has the original Google CA certificate and that is worthless.  For this code to work, you'll need to use OpenSSL to generate your own self-signed certificate and server certificates.

The basic code looks like this:

```c
#include "wiced.h"
/* Also include the MQTT library header that accompanies MQTTWiced.c; it declares
 * Network, Client and the wiced_mqtt_* functions. MQTT_TARGET_IP, MQTTS_BROKER_PORT,
 * MQTT_CLIENT_ID, MQTT_USERNAME, MQTT_PASSWD, MQTT_TOPIC_NAME, messageArrived and
 * google_root_ca_certificate are defined elsewhere in the application. */

void application_start( )
{
    Network                    mqtt_network;
    Client                     mqtt_client;
    unsigned char              buf[ 100 ];
    unsigned char              readbuf[ 100 ];
    wiced_result_t             result;
    const char*                peer_cn = MQTT_TARGET_IP; /* name checked against the server certificate */
    wiced_tls_simple_context_t context;
    wiced_ip_address_t         ip_address;

    wiced_init( ); // Set up the WICED core and the WLAN connection

    /* Initialize MQTT */
    wiced_mqtt_init( &mqtt_network ); // set up function pointers
    wiced_mqtt_buffer_init( &mqtt_client, &mqtt_network, buf, sizeof( buf ), readbuf, sizeof( readbuf ) );
    mqtt_network.hostname   = MQTT_TARGET_IP;
    mqtt_network.ip_address = &ip_address;
    mqtt_network.port       = MQTTS_BROKER_PORT;

    /* Bring up the network interface */
    if ( wiced_network_up( WICED_STA_INTERFACE, WICED_USE_EXTERNAL_DHCP_SERVER, NULL ) != WICED_SUCCESS )
    {
        WPRINT_APP_INFO( ( "Network bring-up failed\n" ) );
        return;
    }

    WPRINT_APP_INFO( ( "Resolving IP address of Secure MQTTS server\n" ) );
    if ( wiced_hostname_lookup( mqtt_network.hostname, &ip_address, 10000 ) != WICED_SUCCESS )
    {
        WPRINT_APP_INFO( ( "Hostname lookup failed\n" ) );
        return;
    }
    WPRINT_APP_INFO( ( "Server is at %u.%u.%u.%u\n", (uint8_t)( GET_IPV4_ADDRESS( ip_address ) >> 24 ),
                                                     (uint8_t)( GET_IPV4_ADDRESS( ip_address ) >> 16 ),
                                                     (uint8_t)( GET_IPV4_ADDRESS( ip_address ) >> 8 ),
                                                     (uint8_t)( GET_IPV4_ADDRESS( ip_address ) >> 0 ) ) );

    /* Initialize the root CA certificate */
    result = wiced_tls_init_root_ca_certificates( google_root_ca_certificate );
    if ( result != WICED_SUCCESS )
    {
        WPRINT_APP_INFO( ( "Error: Root CA certificate failed to initialize: %u\n", result ) );
        return;
    }

    // Got the root certificate loaded
    wiced_tls_init_simple_context( &context, peer_cn );

    if ( wiced_tcp_create_socket( &mqtt_network.my_socket, WICED_STA_INTERFACE ) != WICED_SUCCESS )
    {
        WPRINT_APP_INFO( ( "TCP socket creation failed\n" ) );
        return;
    }

    // Attach the TLS context so the handshake runs when the socket connects
    if ( wiced_tcp_enable_tls( &mqtt_network.my_socket, &context ) != WICED_SUCCESS )
    {
        wiced_tcp_delete_socket( &mqtt_network.my_socket );
        WPRINT_APP_INFO( ( "TLS enable failed\n" ) );
        return;
    }

    // create the socket connection
    result = wiced_tcp_connect( &mqtt_network.my_socket, &ip_address, mqtt_network.port, 20000 );
    if ( result != WICED_SUCCESS )
    {
        wiced_tcp_delete_socket( &mqtt_network.my_socket );
        WPRINT_APP_INFO( ( "TCP Connect Failure\n" ) );
        return;
    }

    // Got the socket connection completed
    WPRINT_APP_INFO( ( "Secure Connection Setup completed\n" ) );

    // this sets up stuff in the mqtt_client structure and connects
    result = wiced_mqtt_connect( &mqtt_client, MQTT_CLIENT_ID, MQTT_USERNAME, MQTT_PASSWD );
    if ( result != WICED_SUCCESS )
    {
        wiced_tcp_delete_socket( &mqtt_network.my_socket );
        WPRINT_APP_INFO( ( "MQTT Connect Failure = %d\n", result ) );
        return;
    }

    // this sets up stuff in the mqtt_client structure
    result = wiced_mqtt_subscribe( &mqtt_client, MQTT_TOPIC_NAME, messageArrived );
    if ( result != WICED_SUCCESS )
    {
        wiced_tcp_delete_socket( &mqtt_network.my_socket );
        WPRINT_APP_INFO( ( "MQTT Subscribe Failure = %d\n", result ) );
        return;
    }

    // Poll for incoming messages on the subscribed topic
    while ( 1 )
    {
        wiced_subscribe( &mqtt_client );
        wiced_rtos_delay_milliseconds( 100 );
    }
}
```

I can't figure out how to attach the code here so...Enjoy.
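The certificate generation step the post above refers to, as an added example that is not part of the original thread: a private root CA and a broker certificate built with OpenSSL, where the PEM in `ca.crt` takes the place of the Google root CA in the client code. The host name `broker.example.test`, the CA subject, the file names and the validity periods are assumptions; the host name is assumed to be the same string the client passes as `peer_cn`.

```shell
#!/bin/sh
# Added example: private CA + MQTT broker certificate with OpenSSL.
# All names below are constructed placeholders, not values from the thread.

# make_mqtt_pki <broker_host> <out_dir>
make_mqtt_pki() {
    broker_host=$1
    out_dir=$2
    mkdir -p "$out_dir" || return 1

    # 1. Self-signed root CA. ca.crt is the PEM the device loads as its
    #    trusted root; ca.key never leaves the signing machine.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example MQTT Root CA" \
        -keyout "$out_dir/ca.key" -out "$out_dir/ca.crt" 2>/dev/null || return 1

    # 2. Broker key and signing request. The CN carries the broker host name
    #    so a client that checks the peer name against the certificate passes.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$broker_host" \
        -keyout "$out_dir/server.key" -out "$out_dir/server.csr" 2>/dev/null || return 1

    # 3. Sign the request with the CA. The SAN repeats the host name for
    #    clients that ignore CN; CA:FALSE stops the broker cert signing others.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$broker_host" \
        > "$out_dir/server.ext"
    openssl x509 -req -in "$out_dir/server.csr" -sha256 -days 825 \
        -CA "$out_dir/ca.crt" -CAkey "$out_dir/ca.key" -CAcreateserial \
        -extfile "$out_dir/server.ext" -out "$out_dir/server.crt" 2>/dev/null || return 1

    # Private keys readable by the owner only.
    chmod 600 "$out_dir/ca.key" "$out_dir/server.key"
}

# verify_chain <out_dir>: succeeds only if server.crt chains to ca.crt.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Stand-alone use: ./make_pki.sh broker.example.test ./mqtt-pki
if [ "$#" -eq 2 ]; then
    make_mqtt_pki "$1" "$2" && verify_chain "$2" && echo "chain OK in $2"
fi
```

The broker is configured with `server.crt` and `server.key`; only `ca.crt` goes onto the device.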