Mqtt-mbedtls #960
Update repo url for build
Space changes only
Thank you, this will certainly be merged, but first, what is the memory impact of using this TLS library? Is there already a mechanism present to simply enable or disable it entirely? I am planning to alter the online build system to publish different versions of OBK, permutations with different features enabled, and that one could be one of the permutations.
The impact on memory I believe is acceptable. There are around 11k of memory with certificate validation.
Ok, let me review it a bit more. And also - I don't know much about TLS implementation, but does it mean that we could also be able to make HTTPS connections? How much is missing for that? You know, we have SendGET / SendPOST functions.
Yes, it is possible. The limitation is the available memory.
Hello, is autoexec.bat on LittleFS preserved when you do OTA?
I tested it now and had no problems with existing files.
Would it be possible to add client certificates as well?
Guys, can anyone do the final testing of this PR on T and N platforms? I would like to have it merged soon but I didn't have time to look into the whole secure MQTT yet. Anyone? Also, please merge changes from upstream @alexsandroz if you can.
merge done
Not sure how helpful this is but I tested it on my Geeni Outdoor Duo plug GNC-OW102-103, which has a Tuya CB3S Module (BK7231N). I connect to mosquitto running on a router. I merged it into c07f66f and compiled. It works like a charm. Thanks, this is the last step I needed to be able to use OpenBK7231T_App on my network.
t->tm_year = year - 1900; | ||
return t; | ||
} | ||
struct tm* mbedtls_platform_gmtime_r(const mbedtls_time_t* tt, struct tm* tm_buf) { |
Maybe the NTP check could be removed if #1167 lands in main.
Can someone publish builds with the latest changes on main? I would like to test for N and cannot build myself, too many conflicts.
merge with main done
Enable mqtt with TLS
This pull contains the specific configuration to enable mbedtls with MQTT.
Due to environment limitations there is only one version of TLS and only one cipher enabled:
TLS VERSION: TLSv1.2
TLS CIPHER : TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
This is a common configuration supported by the mosquitto MQTT server.
Tested only with the LWIP MQTT client application on the BK7231N platform.
It's possible that it will also work on other platforms, but I don't have specific hardware to test.
The web server MQTT page has been updated to specify whether MQTT uses TLS and if the certificate needs to be validated.
The CA certificate or public certificate (in case of self-signed) must be uploaded in PEM format to LFS.
To validate the certificate dates, the NTP driver must be enabled, otherwise the build date will be used to validate.
Additionally, an option to disable the web app has been added to strengthen security. Communication only with a secure MQTT connection.
Addresses:
#668 Is it able to support mqtt connection via TLS (secure connection) on remote MQTT server such as AWS broker ?
#759 Self-Signed MQTT Server Connection Fails
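The single-version, single-cipher policy described above, expressed for a workstation-side test client with Python's standard `ssl` module (an added example, not code from this pull request or from OpenBK7231T_App; the firmware itself uses mbedtls). It assumes the CA or self-signed server certificate is available as a PEM file, the same file the firmware expects on LFS, and the `validate` flag mirrors the "validate certificate" switch on the MQTT web page.

```python
"""Client TLS policy equivalent to the PR's mbedtls build: TLS 1.2 only,
one cipher suite, optional certificate validation against a PEM CA file.
Added example for checking a broker from a workstation, not firmware code."""
import ssl

# mbedtls name used in the PR: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
# OpenSSL spelling of the same suite:
MQTT_CIPHER = "ECDHE-RSA-AES128-GCM-SHA256"


def build_mqtt_tls_context(ca_pem=None, validate=True):
    """Return an SSLContext restricted to TLS 1.2 and the one cipher suite.

    ca_pem:   path to the CA (or self-signed server) certificate in PEM
              format; None falls back to the system trust store.
    validate: mirrors the web page option. False still encrypts the
              session but accepts any server certificate (no authentication).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only TLS 1.2 is compiled into the firmware, so refuse everything else.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Offer exactly the suite the firmware supports; mosquitto accepts it.
    ctx.set_ciphers(MQTT_CIPHER)
    if validate:
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
        if ca_pem is not None:
            ctx.load_verify_locations(cafile=ca_pem)
        else:
            ctx.load_default_certs()
    else:
        # check_hostname must be cleared before verify_mode may be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def offered_tls12_ciphers(ctx):
    """Names of the TLS 1.2 suites this context would put in a ClientHello."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]


if __name__ == "__main__":
    # With validation on and no CA file, the system trust store is used.
    print(offered_tls12_ciphers(build_mqtt_tls_context(validate=True)))
```

Wrap the MQTT client socket with `ctx.wrap_socket(sock, server_hostname=<broker>)`; a handshake that fails only with `validate=True` points at the CA file or at the certificate dates, which on the device depend on NTP being enabled.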