3 Replies Latest reply on Oct 21, 2015 8:44 AM by chucklink

    Using SSL security with MQTT protocol

    adahiya

      Hello Team,

      We are using Wiced SDK 3.3.1.  We want to use SSL security while communicating over MQTT.  Can you please provide a sample code of using SSL security with MQTT protocol?

      Thanks and Regards,

      Amit

        • 1. Re: Using SSL security with MQTT protocol
          cypherbridge

          adahiya

          Hi, any progress on this issue?

          /Steve

          • 2. Re: Using SSL security with MQTT protocol
            vikr

            Refer to WICED SDK supporting Amazon Web Services 3.4.0-AWS

            This has a sample application over TLS 1.2. We do not have an example using SSL, and support for SSL is deprecated in our SDK.

            Thanks,

            vik86

            • 3. Re: Using SSL security with MQTT protocol
              chucklink

              The answer to this question for the now deprecated library is pretty basic.  I've noticed a couple of problems with the old library, but currently no show stoppers.  First, it is necessary to fix three lines of code in "MQTTWiced.c".  In functions "wiced_mqtt_connect", "wiced_mqtt_subscribe" and "wiced_mqtt_publish", modify the return line to:  "return ( rc == MQTT_FAILURE ) ? WICED_ERROR : WICED_SUCCESS;".  In function "wiced_read" change the last statement from "return result;" to "return -1;".  This fixes another problem.

              This fixes a logic issue.  In "wiced_lib.c" modify the very last statement from "return -1;" to "return error;".  This fixes a logic error in that code.

              Finally, the following code works perfectly with my MQTT server with a self-signed CA certificate.  I need to point out that this code has the original Google CA certificate and that is worthless.  For this code to work, you'll need to use OpenSSL to generate your own self-signed CA certificate and server certificates.

              The basic code looks like this:

              #include "wiced.h"
              /* The MQTT client header (the deprecated MQTTWiced library), the MQTT_* configuration
               * macros, google_root_ca_certificate and the messageArrived() callback are defined
               * elsewhere in the application and are not shown in this post. */

              void application_start( )
              {
                  Network                    mqtt_network;
                  Client                     mqtt_client;
                  unsigned char              buf[ 100 ];
                  unsigned char              readbuf[ 100 ];
                  wiced_result_t             result;
                  const char*                peer_cn = MQTT_TARGET_IP;  /* name checked against the server certificate */
                  wiced_tls_simple_context_t context;
                  wiced_ip_address_t         ip_address;

                  wiced_init( ); /* Set up the WICED core and the WLAN connection */

                  /* Initialize MQTT */
                  wiced_mqtt_init( &mqtt_network ); /* set up function pointers */
                  wiced_mqtt_buffer_init( &mqtt_client, &mqtt_network, buf, 100, readbuf, 100 );
                  mqtt_network.hostname   = MQTT_TARGET_IP;
                  mqtt_network.ip_address = &ip_address;
                  mqtt_network.port       = MQTTS_BROKER_PORT;

                  /* Bring up the network interface */
                  wiced_network_up( WICED_STA_INTERFACE, WICED_USE_EXTERNAL_DHCP_SERVER, NULL );

                  WPRINT_APP_INFO( ( "Resolving IP address of Secure MQTTS server\n" ) );
                  if ( wiced_hostname_lookup( mqtt_network.hostname, &ip_address, 10000 ) != WICED_SUCCESS )
                  {
                      WPRINT_APP_INFO( ( "Hostname lookup failed\n" ) );
                      return;
                  }
                  WPRINT_APP_INFO( ( "Server is at %u.%u.%u.%u\n", (uint8_t)(GET_IPV4_ADDRESS(ip_address) >> 24),
                                                                  (uint8_t)(GET_IPV4_ADDRESS(ip_address) >> 16),
                                                                  (uint8_t)(GET_IPV4_ADDRESS(ip_address) >> 8),
                                                                  (uint8_t)(GET_IPV4_ADDRESS(ip_address) >> 0) ) );

                  /* Initialize the root CA certificate (replace google_root_ca_certificate with your own CA) */
                  result = wiced_tls_init_root_ca_certificates( google_root_ca_certificate );
                  if ( result != WICED_SUCCESS )
                  {
                      WPRINT_APP_INFO( ( "Error: Root CA certificate failed to initialize: %u\n", result ) );
                      return;
                  }

                  /* Got the root certificate loaded; the TLS context verifies the server against peer_cn */
                  wiced_tls_init_simple_context( &context, peer_cn );

                  if ( wiced_tcp_create_socket( &mqtt_network.my_socket, WICED_STA_INTERFACE ) != WICED_SUCCESS )
                  {
                      WPRINT_APP_INFO( ( "TCP socket creation failed\n" ) );
                      return;
                  }
                  if ( wiced_tcp_enable_tls( &mqtt_network.my_socket, &context ) != WICED_SUCCESS )
                  {
                      wiced_tcp_delete_socket( &mqtt_network.my_socket );
                      WPRINT_APP_INFO( ( "Enabling TLS on the socket failed\n" ) );
                      return;
                  }

                  /* Create the socket connection; the TLS handshake happens here */
                  result = wiced_tcp_connect( &mqtt_network.my_socket, &ip_address, mqtt_network.port, 20000 );
                  if ( result != WICED_SUCCESS )
                  {
                      wiced_tcp_delete_socket( &mqtt_network.my_socket );
                      WPRINT_APP_INFO( ( "TCP Connect Failure\n" ) );
                      return;
                  }
                  /* Got the socket connection completed */
                  WPRINT_APP_INFO( ( "Secure Connection Setup completed\n" ) );

                  /* This sets up the mqtt_client structure and connects to the broker over the TLS socket */
                  result = wiced_mqtt_connect( &mqtt_client, MQTT_CLIENT_ID, MQTT_USERNAME, MQTT_PASSWD );
                  if ( result != WICED_SUCCESS )
                  {
                      wiced_tcp_delete_socket( &mqtt_network.my_socket );
                      WPRINT_APP_INFO( ( "MQTT Connect Failure = %d\n", result ) );
                      return;
                  }

                  /* Subscribe to the topic; messageArrived() is called for each incoming message */
                  result = wiced_mqtt_subscribe( &mqtt_client, MQTT_TOPIC_NAME, messageArrived );
                  if ( result != WICED_SUCCESS )
                  {
                      wiced_tcp_delete_socket( &mqtt_network.my_socket );
                      WPRINT_APP_INFO( ( "MQTT Subscribe Failure = %d\n", result ) );
                      return;
                  }

                  /* Service the connection: receive and dispatch incoming messages */
                  while ( 1 )
                  {
                      wiced_subscribe( &mqtt_client );
                      wiced_rtos_delay_milliseconds( 100 );
                  }
              }

              I can't figure out how to attach the code here so... Enjoy.
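The post says the bundled Google root is worthless for a private broker and that you must generate your own CA and server certificates with OpenSSL. The script below is an added example, not code from the thread or from the WICED SDK: it builds the private CA (the PEM to load in place of google_root_ca_certificate), issues a broker certificate whose CN matches what the client passes as peer_cn, and checks the chain with openssl verify. It assumes the openssl CLI; the directory and CN arguments are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: build the private CA and broker
# certificate that replace google_root_ca_certificate in the client above.
# Assumes the openssl CLI. Directory and CN values are placeholders.
set -eu

make_mqtt_pki() {
    dir="$1"   # output directory, e.g. ./mqtt-pki (constructed)
    cn="$2"    # broker name or IP; must equal what the client passes as peer_cn
    mkdir -p "$dir"
    # 1. Private CA: load ca.crt into the client instead of the Google root.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Private MQTT CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Broker key and CSR carrying the CN the client verifies.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/broker.key" -out "$dir/broker.csr" 2>/dev/null
    # 3. Sign the CSR with the CA. Add a SAN (IP: for a dotted-quad CN, DNS:
    #    otherwise) so verifiers that ignore the CN still match the broker.
    case "$cn" in
        *[!0-9.]*) san="DNS:$cn" ;;
        *)         san="IP:$cn" ;;
    esac
    printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" > "$dir/broker.ext"
    openssl x509 -req -in "$dir/broker.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 825 -extfile "$dir/broker.ext" -out "$dir/broker.crt" 2>/dev/null
}

# Exit 0 only if broker.crt chains to the CA file ($2, default $1/ca.crt);
# pass another CA's ca.crt as $2 to see why a foreign root is "worthless".
verify_broker_cert() {
    openssl verify -CAfile "${2:-$1/ca.crt}" "$1/broker.crt" >/dev/null 2>&1
}

# Print the subject CN of broker.crt, i.e. what the client's peer_cn must equal.
broker_cert_cn() {
    openssl x509 -in "$1/broker.crt" -noout -subject -nameopt RFC2253 | sed 's/.*CN=//'
}

# Usage: sh mqtt_pki.sh ./mqtt-pki 10.0.0.5   (both arguments are placeholders)
if [ -n "${1:-}" ]; then
    make_mqtt_pki "$1" "${2:?broker CN required}"
    verify_broker_cert "$1" && echo "broker.crt (CN=$(broker_cert_cn "$1")) chains to $1/ca.crt"
fi
```

Load ca.crt (not broker.crt) into the device as the root CA, and keep ca.key off the device entirely.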