Mqtt-mbedtls #960
Mqtt-mbedtls #960
Conversation
Update repo url for build
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
Space changes only
|
Thank you, this will certainly be merged, but first, what is the memory impact of using this TLS library? Is there already present a mechanism to simply enable or disable it entirely? I am planning to alter online builds system to publish different versions of OBK, permutations with different features enabled, and that one could be one of the permutations |
The impact on memory I believe is acceptable. There are around 11k of memory with certificate validation. |
|
Can you change booleans in config to bytes, or maybe even put them two into one byte? |
alexsandroz
force-pushed
the
mqtt-mbedtls
branch
from
1a02f06
to
af63576
Compare
Done. Changed to byte and added some documentation. |
|
Ok, let me review it a bit more. And also - I don't know much about TLS implementation, but does it mean that we could also be able to make a HTTPS connections? How much is missing for that? You know, we have SendGET / SendPOST functions |
Yes, it is possible. The limitation is the available memory. |
|
Hello, is autoexec.bat on LittleFS preserved when you do OTA? |
I tested it now and had no problems with existing files. |
|
Would be possible to add client certificates as well? |
|
|
Guys can anyone do the final testing of this PR on T and N platforms? I would like to have it merged soon but I didn't have time to look into whole secure MQTT yet. Anyone? Also, please merge changes @alexsandroz from upstream if you can |
merge done |
|
Not sure how helpful this is but I tested it on my Geeni Outdoor Duo plug GNC-OW102-103. Which has a Tuya CB3S Module (BK7231N). I connect to mosquitto running on a router. I merged it into c07f66f and compiled. It works like a charm. Thanks this is the last step I needed to be able to use OpenBK7231T_App on my network. |
| t->tm_year = year - 1900; | ||
| return t; | ||
| } | ||
| struct tm* mbedtls_platform_gmtime_r(const mbedtls_time_t* tt, struct tm* tm_buf) { |
There was a problem hiding this comment.
Maybe the NTP check could be removed if #1167 lands in main.
|
Can someone publish builds with latest changes on main? Would like to test for N and cannot build myself, to many conflicts. |
merge with main done |
Enable mqtt with TLS
This pull contains specific configuration for enable mbedtls with mqtt.
Due to environment limitations there is only one version of TSL and only one cipher enabled:
TSL VERSION: TLSv1.2
TSL CIPHER : TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
This is a common configuration supported by the mosquitto MQTT server
Tested only with LWIP MQTT client application on BK7231N platform.
It's possible that it will also work on other platforms, but I don't have specific hardware to test.
The web server MQTT page has been updated to specify whether MQTT uses TSL and if the certificate needs to be validated.
The CA certificate or public certificate (in case of self-signed) must be uploaded in PEM format to LFS
To validate the certificate dates, the NTP driver must be enabled, otherwise the build date will be used to validate.
Additionally, an option to disable the web app has been added to strengthen security. Communication only with secure mqtt connection.
Address:
#668 Is it able to support mqtt connection via TLS (secure connection) on remote MQTT server such as AWS broker ?
#759 Self-Signed MQTT Server Connection Fails