HTTPS Encryption on M-SoM

Hello,

I’m trying to implement the TlsTcpClient Library (TlsTcpClient | Reference | Particle) on a Particle M-SoM running device OS 6.3.3. However, simply installing the library in an empty project produces errors in Particle Workbench. I made sure Particle Workbench was properly configured for 6.3.3.

The Particle reference docs (TlsTcpClient | Reference | Particle) show that the library should build on device OS 6.2.0. After looking through the change log, I don’t see any significant difference between 6.3.3 and 6.2.0 that should affect an HTTPS client. However, I see the following error appear as soon as the library is installed:

cannot open source file "check_config.h" (dependency of "~/.particle/toolchains/deviceOS/6.3.3/user/inc/Particle.h")C/C++(1696)

After doing some digging, I found out that TlsTcpClient is a fork of the mbedtls library (GitHub - Mbed-TLS/mbedtls: An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.), which I understand the Particle Device OS uses internally. Thus, I believe what I’m experiencing is a conflict between the OS’s internal mbedtls library and the secondary TlsTcpClient’s mbedtls library.

At the end of the day, I want to make a simple GET and POST request over HTTPS from a Particle M-SoM on device OS 6.3.3. How can I do this? Should I:

  1. Modify the TlsTcpClient library to make it compatible with the OS? If so, how?
  2. Isolate the TlsTcpClient library so that it does not conflict with the device OS? If so, how?
  3. I noticed that the TlsTcpClient hasn’t been updated in a while. Do we need to make a new fork of the mbedtls library for Particle? If so, can someone provide guidance on how to do this?

Thank you in advance for the help.

Does it build on 6.2.0? Are you using a local or cloud build? Does it work on the other one?

It's unlikely that it's a conflict with MbedTLS and the library should not need updating, at least to build.

That being said, that library is only a TLS implementation, so you still need to build a HTTP client on top of it. The recommended method is to use webhooks and do TLS in the cloud. Each TLS negotiation can use up to 5K of data, which adds up quickly over cellular. It's less of an issue for Wi-Fi of course.
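To make the "you still need to build an HTTP client on top of it" point concrete, here is an added example of that HTTP/1.1 layer; it is not code from the original thread, from Particle, or from the TlsTcpClient library. It is transport-agnostic: it builds the request bytes and parses whatever bytes come back, and assumes the caller writes and reads those bytes over the TLS client (the TlsTcpClient connect/read/write calls are deliberately not shown). The response in main() is a constructed sample, not real server output.

```cpp
// Added example: minimal HTTP/1.1 request builder and response parser to run
// over an existing TLS byte stream. No networking here; the caller owns the
// transport (e.g. the TlsTcpClient discussed in the thread).
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>

struct HttpResponse {
    int status = -1;                              // -1: status line not parsed yet
    std::map<std::string, std::string> headers;   // header names lower-cased
    std::string body;
    bool complete = false;                        // true once the whole body is in
};

// Build a GET (no body) or POST (with body) request. "Connection: close" tells
// the server to end the stream after the response, so the client can avoid
// implementing chunked transfer encoding and keep-alive bookkeeping.
std::string buildRequest(const std::string& method, const std::string& host,
                         const std::string& path, const std::string& body = "",
                         const std::string& contentType = "application/json") {
    std::string req = method + " " + path + " HTTP/1.1\r\n";
    req += "Host: " + host + "\r\n";
    req += "User-Agent: msom-tls-example/0.1\r\n";   // assumed name, not a Particle convention
    req += "Connection: close\r\n";
    if (!body.empty()) {
        req += "Content-Type: " + contentType + "\r\n";
        req += "Content-Length: " + std::to_string(body.size()) + "\r\n";
    }
    req += "\r\n" + body;
    return req;
}

static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(tolower(static_cast<unsigned char>(c)));
    return s;
}

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t");
    size_t e = s.find_last_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, e - b + 1);
}

// Parse the bytes accumulated so far. Tolerates partial reads: if the header
// block or the declared Content-Length is not complete, `complete` stays false
// and the caller should read more and call again. `eof` tells the parser the
// peer has closed the stream, which ends a body that has no Content-Length.
HttpResponse parseResponse(const std::string& raw, bool eof) {
    HttpResponse r;
    size_t hdrEnd = raw.find("\r\n\r\n");
    if (hdrEnd == std::string::npos) return r;          // headers not all in yet
    size_t lineEnd = raw.find("\r\n");
    std::string statusLine = raw.substr(0, lineEnd);    // e.g. "HTTP/1.1 200 OK"
    if (statusLine.compare(0, 5, "HTTP/") != 0) return r;
    size_t sp = statusLine.find(' ');
    if (sp == std::string::npos || statusLine.size() < sp + 4) return r;
    r.status = atoi(statusLine.substr(sp + 1, 3).c_str());

    size_t pos = lineEnd + 2;                           // walk the header lines
    while (pos < hdrEnd) {
        size_t next = raw.find("\r\n", pos);
        std::string line = raw.substr(pos, next - pos);
        size_t colon = line.find(':');
        if (colon != std::string::npos)
            r.headers[lower(trim(line.substr(0, colon)))] = trim(line.substr(colon + 1));
        pos = next + 2;
    }

    r.body = raw.substr(hdrEnd + 4);
    auto cl = r.headers.find("content-length");
    if (cl != r.headers.end()) {
        size_t want = strtoul(cl->second.c_str(), nullptr, 10);
        if (r.body.size() < want) return r;             // still waiting for bytes
        r.body.resize(want);                            // drop anything trailing
        r.complete = true;
    } else {
        r.complete = eof;                               // no length: body ends at close
    }
    return r;
}

int main() {
    std::string req = buildRequest("POST", "api.example.com", "/v1/readings", "{\"t\":21.5}");
    // Constructed sample response standing in for bytes read back over TLS.
    std::string raw = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                      "Content-Length: 11\r\n\r\n{\"ok\":true}";
    HttpResponse r = parseResponse(raw, false);
    printf("%s\nstatus=%d complete=%d body=%s\n", req.c_str(), r.status, (int)r.complete, r.body.c_str());
    return 0;
}
```

On the device the loop is: write the string from buildRequest() to the TLS client, append every chunk read back to one buffer, and call parseResponse() on that buffer after each read (passing eof = true once the client reports the connection closed) until `complete` is true. Because the request asks for `Connection: close`, one TLS handshake serves one request; that is the per-request handshake cost the reply above mentions, so batching requests matters more on metered links.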

I just compiled an empty project using this command:

particle compile msom --target 6.2.0

The compile was successful.

Then I ran Particle: Install Library → TlsTcpClient and ran the same compile command again.

This compile failed with the following error:
lib/TlsTcpClient/src/mbedtls/timing.cpp: In function 'int _gettimeofday(timeval*, void*)':
lib/TlsTcpClient/src/mbedtls/timing.cpp:228:18: error: 'HAL_RTC_Get_UnixTime' was not declared in this scope
228 | tv->tv_sec = HAL_RTC_Get_UnixTime(); // get rtc time before Particle.syncTime()
| ^~~~~~~~~~~~~~~~~~~~
make[2]: *** [../build/target/user/platform-35-mTlsTcpClient/src/mbedtls/timing.o] Error 1
make[2]: Leaving directory '/firmware/user'
make[1]: *** [user] Error 2
make[1]: Leaving directory '/firmware/modules/msom/user-part'
make: *** [modules/msom/user-part] Error 2

Note this is a different error than what I get when compiling against my actual code vs a brand new project.

I’m using WiFi so bandwidth/data constraints are not an issue here.

Follow the instructions for modifying public libraries and then change:

HAL_RTC_Get_UnixTime() to Time.now()

The HAL function is deprecated in the latest versions of Device OS.


Thank you for the help on this! I was able to get the library working by fixing the time function as you specified and including Particle.h in the same file.

I still have a couple questions that I wasn’t able to figure out though:

  1. I noticed the library only supports TLS 1.2. Is there anyone smarter than me who has/could implement TLS 1.3 as 1.2 is now considered “weak”?
  2. Why are there two config.h files? One is located in the mbedtls folder and the other in the TlsTcpClient folder. They appear to serve similar functions, but have differing content. The mbedtls version is the one that is used by default, but I’d like to know why the TlsTcpClient config.h file exists and if/how I should use it?
  3. While reading the documentation, I learned that this library only authenticates the server to the client. Is there a way to provide mutual authentication of both the client and the server to each other?
  4. Ever since installing this library, I get many intellisense errors regarding included files. The project compiles and runs just fine, but the errors are annoying/concerning. How can I remedy this?
  5. The certificate I placed on my M-SoM device will need to be updated when it expires. Does Particle provide an easy way of managing certificates or must I resort to a manual OTA software update for all my devices when they expire?