[solved] MQTT and tls



  • Hello there,

    I have to use MQTT over a TLS connection.
    Right now I am using the simple MQTT lib.
    Can you recommend a library or a code snippet? So far googling hasn't brought me any luck.



  • Just want to share an actual working sample.

    NOTE: Checking server certificate is DISABLED in this case.
    You need CERT_REQUIRED or CERT_REQUIRED judging from documentation.

    But, for some reason, in my build ussl.CERT_REQUIRED gave "...object has no attribute...".

    # ---------------------------------------------
    # Tested setup: 
    #      - Traefik Proxy 2.5 (Let's Encrypt Cert)
    #      - Mosquitto 2.0.16
    #      - MicroPython 1.17
    # ----------------------------------------------
    from umqtt.simple import MQTTClient
    
    HOST = "<HOST>"
    
    # Without server_hostname it won't connect (for some reason)
    ssl_params = {"server_hostname": HOST}
    
    c = MQTTClient("<client_id>",
                   server=HOST,
                   port=8883,
                   user="<username>",
                   password="<password>",
                   # Need keepalive > 0 or got MqttException(2)
                   keepalive=10,          
                   ssl=True,
                   ssl_params=ssl_params)
    


  • You can upload it either through FTP, or put it in the project folder and add the extension to 'upload file types' in the Pymakr Global settings (I think it's already in there).

    Gijs



  • @andrethemac Hi, how do I add the certificate to the device flash?



  • I found the issue.
    I got wrong login name and pass from the client....



  • Thanks for the library, and sample. That was a great help.
    Let me share my result so far.

    So my first error was "cannot convert str to int" for this line

    self.sock = ussl.wrap_socket(self.sock, **self.ssl_params)
    

    in simple.py. This is my call, by the way:

    c = MQTTClient(client_id="GH001a", server="######",user=b"######", password=b"#####", ssl=True, ssl_params={"cert_reqs":"ssl.CERT_REQUIRED", "ca_certs":"/flash/cert/fullchain1.pem"})
    

    What I came up with (I know it's not nice) was to hard-code it into the simple.py file like this:

     self.sock = ssl.wrap_socket(self.sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs='/flash/cert/fullchain1.pem')
    

    The second error was that the CA file was not found. That was not hard to crack, just edit the pymakr.json sync_file_types attribute.

    The third and current error is MQTTException: 5 for line 102 in simple.py

    raise MQTTException(resp[3])
    

    On the server side it looks like this: Socket error on client <unknown>, disconnecting.

    This is where I'm stuck right now.
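
Added example (not part of the thread and not the posters' or Pycom's code): a pre-flight check for the `ssl_params` dict discussed in this thread. It flags the quoted `"ssl.CERT_REQUIRED"` string behind "cannot convert str to int", a CA file that was never uploaded, and parameter sets that leave server certificate checking disabled. The helper name `audit_ssl_params` is hypothetical, the `ca_certs` key follows the calls shown in the thread, and the CPython `ssl` fallback is an assumption so the check can also run on a desktop.

```python
try:
    import ussl as ssl  # MicroPython / Pycom firmware
except ImportError:
    import ssl          # CPython fallback so the check also runs on a desktop
import os


def audit_ssl_params(ssl_params, ssl_mod=ssl):
    """Return a list of problems in an ssl_params dict meant for wrap_socket().

    Hypothetical helper, not part of umqtt or ussl. An empty list means the
    dict requests server certificate verification against an existing CA file.
    """
    problems = []
    required = getattr(ssl_mod, "CERT_REQUIRED", None)
    if required is None:
        # The build reported in the thread: "...object has no attribute..."
        problems.append("ssl module has no CERT_REQUIRED")

    reqs = ssl_params.get("cert_reqs")
    if reqs is None:
        problems.append("cert_reqs not set: server certificate is not checked")
    elif isinstance(reqs, str):
        # A quoted "ssl.CERT_REQUIRED" is a str, not the integer constant
        problems.append("cert_reqs is a string: %r" % reqs)
    elif reqs != required:
        problems.append("cert_reqs is not CERT_REQUIRED")

    ca = ssl_params.get("ca_certs")
    if not ca:
        problems.append("ca_certs not set: no CA to verify the server against")
    else:
        try:
            os.stat(ca)  # the file must actually be present on the device
        except OSError:
            problems.append("CA file not found: %s" % ca)
    return problems


if __name__ == "__main__":
    # Constructed samples mirroring the parameter sets posted in the thread
    samples = [
        {"server_hostname": "<HOST>"},
        {"cert_reqs": "ssl.CERT_REQUIRED", "ca_certs": "/flash/cert/fullchain1.pem"},
        {"cert_reqs": getattr(ssl, "CERT_REQUIRED", None), "ca_certs": "/flash/cert/ca.pem"},
    ]
    for params in samples:
        print(params, "->", audit_ssl_params(params) or "OK")
```
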



  • @tttadam
    Using the default mqtt library and the ussl library:
    put the root CA certificate in the cert directory (you have to rename it ca.pem in earlier versions, but that may have changed).
    The communication now goes over SSL. Use the mqttc client as before.

    from mqtt import MQTTClient
    import ussl
    
    # mqtt definitions
    ssl_params = {'cert_reqs':ussl.CERT_REQUIRED, 'ca_certs':'/flash/cert/ca.pem'}
    mqttc = MQTTClient(
        "<yourmachinename>",   # client id (placeholder)
        "<yourmqttserver>",    # broker hostname (placeholder)
        keepalive=60,
        ssl=True,
        ssl_params=ssl_params
    )
    

    best regards
    André



  • hmmm, Can you show me an example how the TLS part works, how should I use it?
    Thanks.



