Flashing mqtt-tls library in Argon

simo · January 16, 2023, 9:25am

Hi everyone, I need to use the MQTT-TLS library in my firmware using an Argon with Device OS 4.0.2. Given that the library is big and cannot be loaded in the web ide, I am trying to use the Workbench in VS code. I have read a lot of similar topics related to the errors that come up when compiling the code after having included the library. In particular I am having problems related to the mbedtls/config.h file which was not present at the beginning, I have also tried to create it taking the structure of the same file in the Amazon Iot library that includes the MQTT-TLs. Even after this, I still getting the errors showed in the attached picture.

hirotakaster · January 19, 2023, 2:53am

Please install the library from “particle library” command or VScode command pallet.

simo · January 19, 2023, 1:32pm

Hi, thank you for your response. I did install all the libraries from the Particle command palette using Particle: Install Library

ScruffR · January 19, 2023, 1:49pm

Are you cloud compiling or locally?
If you compile in the cloud the build chain will try to use the cloud based library.
To prevent that and force the use of your locally stored library you should deactivate the respective dependencies entry in the project.properties file.
But local build would be preferable anyhow

hirotakaster · January 20, 2023, 2:31am

Could you find “src/mbedtls/include/mbedtls_config.h” file on your project?
I test compile the sample souce code MQTT-TLS 0.2.25 with Argon 4.0.2 on local&cloud compile no problem.
so It’s good that you check the compile the sample code (a1-example) on your PC(excluding other libraries).

simo · February 6, 2023, 9:03am

Hi could you please describe the steps that you made? indeed it seems I am doing the same as you but I am getting errors of compilation, like “cannot open the source file MQTT-TLS.h” . The .h is present in the folder though

simo · February 6, 2023, 12:48pm

I am compiling locally and the project.properties are ok. The problem is in the mbetls/confing.h file

simo · February 6, 2023, 12:52pm

I think the problem is in the mbetls/confing. h file that it is not opened when compiling locally. Can you please tell me how should I modify the confi.h when using an Argon?

gusgonnet · February 6, 2023, 2:02pm

Hi simo,
Below you can find my opinion, which may or may not match reality.

I think the problem here lies in the fact that we are looking at the errors that VS Code shows.
However, I had the chance of creating a project from scratch this weekend that used this same library and I can see those errors you screenshot in your first post.
Since I am not fully paying attention to them, I ran my project, built it, flashed it with no issues.

So here’s my suggestion: what happens if you ignore those errors and proceed to build?

My experience with VSCode is that those errors can be safely ignored and code will still work. What matters here are the warnings/errors you get while building.
Best

simo · February 7, 2023, 9:29am

Hi thank you for your reply. Indeed i managed to successfully compile it however after doing Flash and having obtained Success, all the leds are shut down and it looks as turned off.

Can you help me?

gusgonnet · February 7, 2023, 8:28pm

Hi,
I guess the first step to take is this:

start commenting out stuff from your TR.ino to find out what is messing up the device.

How does it sound?

simo · February 22, 2023, 9:01pm

Ok i figured out the previous problem, basically in order to flash it successfully the mbetls_config.h file has to be properly modified. However as long as i connetc to an unsecured broker ( i.e test.mosquitto on port 1883), I manage to connect to the broker. When I try to connect to a secured broker ( i.e test.mosquitto.org on port 8883), the Argon doesn’t connect to the broker even if I insert the specific CA certificate. Does someone know why and how i can connect to a broker that asks username, password and a certfication?
Should I change something in the mbedtls_config.h file?

gusgonnet · February 22, 2023, 9:22pm

Hey, is there an error message it prints on the serial console when it can’t connect?

simo · February 23, 2023, 6:44am

No it just doesn’t connect, I print " not connected"
If (!client.connect) is verified

gusgonnet · February 23, 2023, 1:35pm

ok, I suggest you enable debug logs like this:

open lib/MQTT-TLS/src/mbedtls/include/mbedtls/mbedtls_config.h
around line 2190 you will find this statement:

// #define MBEDTLS_DEBUG_C

un-commment it like so:

#define MBEDTLS_DEBUG_C

compile again.

It’s going to dump a lot of debug logs, scan it very thoroughly to see if you find something weird. It’s VERY verbose, so it will take some time.

simo · February 23, 2023, 2:09pm

Hi yes it is very verbose, I get the following:

make[2]: *** […/…/…/build/module.mk:220: c:/Users/minaf/OneDrive/Desktop/lavoro/lavoro/TR/TR_TLS/target/4.0.0/argon/TR_TLS.elf] Error 1
make[2]: Leaving directory ‘/cygdrive/c/Users/minaf/.particle/toolchains/deviceOS/4.0.0/modules/argon/user-part’
make[1]: *** […/build/recurse.mk:12: modules/argon/user-part] Error 2
make[1]: Leaving directory ‘/cygdrive/c/Users/minaf/.particle/toolchains/deviceOS/4.0.0/main’
make: *** [C:\Users\minaf.particle\toolchains\buildscripts\1.11.0\Makefile:86: flash-user] Error 2

The terminal process “C:\Users\minaf.particle\toolchains\buildtools\1.1.1\bin\bash.exe ‘-c’, ‘make -f ‘C:\Users\minaf.particle\toolchains\buildscripts\1.11.0\Makefile’ flash-user’” terminated with exit code: 2.
Press any key to close the terminal.

basically, my argon doesn’t connect to any broker on port 8883, nor test.mosquitto.org nor mqtt.eclipse as in a1 example.

gusgonnet · February 23, 2023, 2:23pm

hey, those are logs from compiling, correct?
I’d suggest you double check what is in your code until you get it to compile.

simo · February 23, 2023, 2:31pm

yes,

are this errors negligible or not?

Can someone please tell me all the steps needed to use the MQTT-TLS library on an Argon? I am afraid I missed something that has to enable the connection to port 8883, maybe something in the mbedtls_config.h fine?

thank you

gusgonnet · February 23, 2023, 2:37pm

I have similar errors, but my code compiles fine, that is why I suggested you take a look at your code to see where is the build failing. You need to fix that before anything else.

simo · February 23, 2023, 3:21pm

Hi i think i am not doing anything special. I attach here my code, the PEM certificate is the one downloaded from the mosquitto.org web site fort port 8883. I’ve have test that from the terminal I can use it. The problem is to publish from the Argon

#include "MQTT-TLS.h"

void callback(char* topic, byte* payload, unsigned int length);

#define LET_ENCRYPT_CA_PEM                                              \
"-----BEGIN CERTIFICATE----- \r\n" \
"MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL\r\n"  \
"BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG\r\n"  \
"A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU\r\n"  \
"BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv\r\n"  \
"by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE\r\n"  \
"BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES\r\n"  \
"MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp\r\n"  \
"dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ\r\n"  \
"KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg\r\n"  \
"UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW\r\n"  \
"Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA\r\n"  \
"s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH\r\n"  \
"3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo\r\n"  \
"E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT\r\n"  \
"MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV\r\n"  \
"6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\r\n"  \
"BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC\r\n"  \
"6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf\r\n"  \
"+pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK\r\n"  \
"sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839\r\n"  \
"LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE\r\n"  \
"m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=\r\n"  \
"-----END CERTIFICATE----- "
const char letencryptCaPem[] = LET_ENCRYPT_CA_PEM;

/**
 * if want to use IP address,
 * byte server[] = { XXX,XXX,XXX,XXX };
 * MQTT client(server, 1883, callback);
 * want to use domain name,
 * MQTT client("www.sample.com", 1883, callback);
 * iot.eclipse.org is Eclipse Open MQTT Broker: https://iot.eclipse.org/getting-started
**/
MQTT client("test.mosquitto.org", 8883, callback);

// recieve message
void callback(char* topic, byte* payload, unsigned int length) {
    char p[length + 1];
    memcpy(p, payload, length);
    p[length] = NULL;
    String message(p);
}

void setup() {


    // enable tls. set Root CA pem file.
    // if you don't use TLS, comment out this line.
    client.enableTls(letencryptCaPem, sizeof(letencryptCaPem));
    Serial.println("tls enable");

    // connect to the server
    client.connect("sparkclient");

    // publish/subscribe
    if (client.isConnected()) {
        Serial.println("client connected");
        client.publish("outTopic/message", "hello world");
       
    }
}

void loop() {
    if (client.isConnected())
        client.loop();
    delay(200);
}


Moreover i attach here the setting on the mbedtls_config.h file enabled by uncommenting the #define lines.

#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_CIPHER_MODE_OFB
#define MBEDTLS_CIPHER_MODE_XTS
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECDSA_DETERMINISTIC
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#define MBEDTLS_PK_PARSE_EC_EXTENDED
#define MBEDTLS_ERROR_STRERROR_DUMMY
#define MBEDTLS_GENPRIME
#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
#define MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
#define MBEDTLS_SSL_ALPN
#define MBEDTLS_SSL_SESSION_TICKETS
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_VERSION_FEATURES
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#define MBEDTLS_AESNI_C
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CHACHA20_C
#define MBEDTLS_CHACHAPOLY_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_DEBUG_C
#define MBEDTLS_DHM_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_GCM_C
#define MBEDTLS_HKDF_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_NIST_KW_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PADLOCK_C
#define MBEDTLS_PADLOCK_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS12_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_POLY1305_C
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_RIPEMD160_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CACHE_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_TICKET_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_CRL_PARSE_C
#define MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_CREATE_C
#define MBEDTLS_X509_CRT_WRITE_C
#define MBEDTLS_X509_CSR_WRITE_C