mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
+ mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
+
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
-
- mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
int sockfd; /*!< Underlying socket file descriptor. */
-Subproject commit 85ee406d03fd84f5613c6dead1ea653e384b9559
+Subproject commit a7b1cea5b3e246298607a8c64447765297626f36
/**
* @brief Set SSL certificate data (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
- * So we need to make sure to keep the data lifetime before cleanup the connection
+ * So this data must remain valid until after the connection is cleaned up
*
* @param t ssl transport
* @param[in] data The pem data
/**
* @brief Set SSL client certificate data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
- * So we need to make sure to keep the data lifetime before cleanup the connection
+ * So this data must remain valid until after the connection is cleaned up
*
* @param t ssl transport
* @param[in] data The pem data
/**
* @brief Set SSL client key data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
- * So we need to make sure to keep the data lifetime before cleanup the connection
+ * So this data must remain valid until after the connection is cleaned up
*
* @param t ssl transport
* @param[in] data The pem data
esp_tls_t *tls;
esp_tls_cfg_t cfg;
bool ssl_initialized;
- bool verify_server;
- bool mutual_authentication;
transport_ssl_conn_state_t conn_state;
} transport_ssl_t;
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (ssl->conn_state == TRANS_SSL_INIT) {
- if (ssl->cfg.cacert_pem_buf) {
- ssl->verify_server = true;
- }
- if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
- ssl->mutual_authentication = true;
- }
ssl->cfg.timeout_ms = timeout_ms;
ssl->cfg.non_block = true;
ssl->ssl_initialized = true;
static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int timeout_ms)
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
- if (ssl->cfg.cacert_pem_buf) {
- ssl->verify_server = true;
- }
- if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
- ssl->mutual_authentication = true;
- }
+
ssl->cfg.timeout_ms = timeout_ms;
ssl->ssl_initialized = true;
ssl->tls = esp_tls_conn_new(host, strlen(host), port, &ssl->cfg);
if (ssl->ssl_initialized) {
esp_tls_conn_delete(ssl->tls);
ssl->ssl_initialized = false;
- ssl->verify_server = false;
- ssl->mutual_authentication = false;
}
return ret;
}
+++ /dev/null
-cmake_minimum_required(VERSION 3.5)
-
-get_filename_component(DEV_ROOT "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
-
-set(PROJECT_ROOT "${DEV_ROOT}/")
-
-set(SUBMODULE_ROOT "${DEV_ROOT}/../../../")
-
-set(PROJECT_NAME "mqtt_ssl_mutual_auth")
-
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-
-set(MAIN_SRCS ${PROJECT_ROOT}/main/app_main.c)
-
-set(EXTRA_COMPONENT_DIRS "${EXTRA_COMPONENT_DIRS} ${SUBMODULE_ROOT}")
-set(BUILD_COMPONENTS "${BUILD_COMPONENTS} espmqtt")
-
-project(${PROJECT_NAME})
-
+++ /dev/null
-# ESPMQTT SSL Sample application
-
-Navigate to the main directory
-
-```
-cd main
-```
-
-Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
-
-```
-openssl genrsa -out client.key
-openssl req -out client.csr -key client.key -new
-```
-
-Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.
--- /dev/null
+# The following four lines of boilerplate have to be in your project's CMakeLists
+# in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
+project(mqtt_ssl_mutual_auth)
+
+target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.crt" TEXT)
+target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.key" TEXT)
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
-#
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
-#
PROJECT_NAME := mqtt_ssl_mutual_auth
-EXTRA_COMPONENT_DIRS += $(PROJECT_PATH)/../../../
include $(IDF_PATH)/make/project.mk
-
--- /dev/null
+# ESP-MQTT SSL Sample application (mutual authentication)
+
+(See the README.md file in the upper level 'examples' directory for more information about examples.)
+
+This example connects to the broker test.mosquitto.org using ssl transport with client certificate and as a demonstration subscribes/unsubscribes and send a message on certain topic.
+
+It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
+
+## How to use example
+
+### Hardware Required
+
+This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
+
+### Configure the project
+
+```
+make menuconfig
+```
+
+* Set serial port under Serial Flasher Options.
+
+* Set ssid and password for the board to connect to AP.
+
+* Generate your client keys and certificate
+
+Navigate to the main directory
+
+```
+cd main
+```
+
+Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
+
+```
+openssl genrsa -out client.key
+openssl req -out client.csr -key client.key -new
+```
+
+Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.
+
+Please note, that the supplied files `client.crt` and `client.key` in the `main` directory are only placeholders for your client certificate and key (i.e. the example "as is" would compile but would not connect to the broker)
+
+### Build and Flash
+
+Build the project and flash it to the board, then run monitor tool to view serial output:
+
+```
+make -j4 flash monitor
+```
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
+
+## Example Output
+
+```
+I (3714) event: sta ip: 192.168.0.139, mask: 255.255.255.0, gw: 192.168.0.2
+I (3714) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
+I (3964) MQTT_CLIENT: Sending MQTT CONNECT message, type: 1, id: 0000
+I (4164) MQTTS_EXAMPLE: MQTT_EVENT_CONNECTED
+I (4174) MQTTS_EXAMPLE: sent publish successful, msg_id=41464
+I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=17886
+I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=42970
+I (4184) MQTTS_EXAMPLE: sent unsubscribe successful, msg_id=50241
+I (4314) MQTTS_EXAMPLE: MQTT_EVENT_PUBLISHED, msg_id=41464
+I (4484) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=17886
+I (4484) MQTTS_EXAMPLE: sent publish successful, msg_id=0
+I (4684) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=42970
+I (4684) MQTTS_EXAMPLE: sent publish successful, msg_id=0
+I (4884) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19
+I (4884) MQTTS_EXAMPLE: MQTT_EVENT_DATA
+TOPIC=/topic/qos0
+DATA=data
+I (5194) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19
+I (5194) MQTTS_EXAMPLE: MQTT_EVENT_DATA
+TOPIC=/topic/qos0
+DATA=data
+```
+
--- /dev/null
+set(COMPONENT_SRCS "app_main.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()
-menu "MQTT Application sample"
+menu "Example Configuration"
config WIFI_SSID
string "WiFi SSID"
#include "esp_log.h"
#include "mqtt_client.h"
-static const char *TAG = "MQTTS_SAMPLE";
+static const char *TAG = "MQTTS_EXAMPLE";
static EventGroupHandle_t wifi_event_group;
const static int CONNECTED_BIT = BIT0;
};
ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config));
- ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]", CONFIG_WIFI_SSID, "******");
+ ESP_LOGI(TAG, "start the WIFI SSID:[%s]", CONFIG_WIFI_SSID);
ESP_ERROR_CHECK(esp_wifi_start());
ESP_LOGI(TAG, "Waiting for wifi");
xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, false, true, portMAX_DELAY);
--- /dev/null
+Please paste your client certificate here (follow instructions in README.md)
--- /dev/null
+Please paste here your client key (follow instructions in README.md)
projects / esp-idf / commitdiff