[solved] MQTT and tls
-
Hello there,
I have to use MQTT over a TLS connection.
Right now I am using the simple MQTT lib.
Can you recommend me a library, or some code snippet? So far googling hasn't brought me any luck.
-
Just want to share an actual working sample.
NOTE: Checking server certificate is DISABLED in this case.
You need CERT_REQUIRED or CERT_REQUIRED, judging from documentation. But, for some reason, in my build ussl.CERT_REQUIRED gave "...object has no attribute...".

# ---------------------------------------------
# Tested setup:
# - Traefik Proxy 2.5 (Let's Encrypt Cert)
# - Mosquitto 2.0.16
# - MicroPython 1.17
# ----------------------------------------------
from umqtt.simple import MQTTClient

HOST = "<HOST>"
# Without server_hostname it won't connect (for some reason)
ssl_params = {"server_hostname": HOST}
c = MQTTClient("<client_id>", server=HOST, port=8883,
               user="<username>", password="<password>",
               # Need keepalive > 0 or got MqttException(2)
               keepalive=10,
               ssl=True, ssl_params=ssl_params)
-
You can upload it either through FTP, or put it in the project folder and add the extension to 'upload file types' in the Pymakr Global settings (I think it's already in there).
Gijs
-
@andrethemac Hi, how do I add the certificate to the device flash?
-
I found the issue.
I got wrong login name and pass from the client....
-
Thanks for the library, and sample. That was a great help.
Let me share my result so far. So my first error was: cannot convert str to int, for this line
self.sock = ussl.wrap_socket(self.sock, **self.ssl_params)
in simple.py. This is my call, by the way:
c = MQTTClient(client_id="GH001a", server="######",user=b"######", password=b"#####", ssl=True, ssl_params={"cert_reqs":"ssl.CERT_REQUIRED", "ca_certs":"/flash/cert/fullchain1.pem"})
What I came up with (I know it's not nice) is to hard code it into the simple.py file like this:
self.sock = ssl.wrap_socket(self.sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs='/flash/cert/fullchain1.pem')
The second error was that the CA file was not found. That was not hard to crack, just edit the pymakr.json sync_file_types attribute.
The third and current error is MQTTException: 5 for line 102 in simple.py
raise MQTTException(resp[3])
On the server side it looks like this: Socket error on client <unknown>, disconnecting.
This is where I'm stuck right now.
-
@tttadam
Using the default mqtt library and the ussl library,
put the root CA certificate in the cert directory (you have to rename it ca.pem in earlier versions, but that may have changed).
The communications now go over SSL. Use the mqttc client as before.

from mqtt import MQTTClient
import ussl

# mqtt definitions
ssl_params = {'cert_reqs': ussl.CERT_REQUIRED, 'ca_certs': '/flash/cert/ca.pem'}
mqttc = MQTTClient("<yourmachinename>", "<yourmqttserver>", keepalive=60, ssl=True, ssl_params=ssl_params)
best regards
André
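
Added example, not part of any post in this thread and not code from the mqtt/umqtt libraries: a pre-flight check for the `ssl_params` dict that catches the failure modes reported above (no `cert_reqs`, the constant passed as a quoted string, a build without `CERT_REQUIRED`, a CA file missing from flash). The helper name `check_ssl_params` and the host `broker.example` are assumptions made for illustration.

```python
import os
try:
    import ussl as tls_mod      # MicroPython / Pycom firmware
except ImportError:
    import ssl as tls_mod       # CPython, so the check can be tried on a desktop


def check_ssl_params(params, tls=tls_mod):
    """Hypothetical helper: list the problems in an ssl_params dict ([] = none found)."""
    problems = []
    required = getattr(tls, "CERT_REQUIRED", None)
    if required is None:
        # The "...object has no attribute..." case reported for one build.
        problems.append("this build has no CERT_REQUIRED constant")
    reqs = params.get("cert_reqs")
    if reqs is None:
        # Same situation as the sample that passes only server_hostname.
        problems.append("cert_reqs not set: server certificate is not checked")
    elif isinstance(reqs, str):
        # "ssl.CERT_REQUIRED" in quotes is the constant's name, not its value.
        problems.append("cert_reqs is a string, pass the constant itself")
    elif required is not None and reqs != required:
        problems.append("cert_reqs is not CERT_REQUIRED")
    ca = params.get("ca_certs")
    if ca is not None:
        try:
            os.stat(ca)         # the CA file must actually be on the device flash
        except OSError:
            problems.append("CA file not found: " + ca)
    return problems


if __name__ == "__main__":
    # Constructed inputs modelled on the three ssl_params dicts in this thread.
    samples = [
        {"server_hostname": "broker.example"},
        {"cert_reqs": "ssl.CERT_REQUIRED", "ca_certs": "/flash/cert/fullchain1.pem"},
        {"cert_reqs": getattr(tls_mod, "CERT_REQUIRED", None), "ca_certs": "/flash/cert/ca.pem"},
    ]
    for p in samples:
        print(p, "->", check_ssl_params(p) or "ok")
```

Run it against the dict before handing it to `MQTTClient`; an empty list means none of these four problems was found, not that the broker's certificate is valid.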
-
Hmmm, can you show me an example of how the TLS part works, how should I use it?
Thanks.
-
The builtin AWS IoT library uses MQTT via SSL.
https://github.com/pycom/pycom-micropython-sigfox/tree/master/esp32/frozen/Common