Hello all,
I'm trying to use MQTT-TLS with my Particle Electron. I've set up the mosquitto broker on an Ubuntu machine and created the certificates using openssl (the SSL certificates are not verified). It is working fine with my Raspberry Pi and ESP32 (using the pubsubclient library), but for almost 2 weeks I haven't managed to get it to work on the Electron, and I currently have no idea what I'm getting wrong, so I'm turning to the community.
I'm seeing the following error in the broker log:
1538818268: New connection from xxx.xx.xxx.xxx on port 8883.
1538818268: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1538818268: Socket error on client , disconnecting.
1538818286: Client connection from xxx.xx.xxx.xxx failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol.
My source code is as below
#include "MQTT-TLS.h"
// Forward declaration: the handler is passed to the MQTT client object
// before its definition appears further down the file.
void callback(char* topic, byte* payload, unsigned int length);
// PEM text of the CA certificate handed to client.enableTls() in setup().
// NOTE(review): the macro name refers to Let's Encrypt, but the post says the
// broker certificates were generated with openssl. The PEM placed here has to
// be the CA that signed the broker's server certificate (presumably the
// contents of the broker's ca.crt) - confirm.
// Each line of the PEM body ends in "\n" and the string literal is
// NUL-terminated; both are part of the array defined below.
#define LET_ENCRYPT_CA_PEM \
"-----BEGIN CERTIFICATE-----\n" \
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxV\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"\
"-----END CERTIFICATE-----"
// MQTT client identifier and broker login, passed to client.connect().
// NOTE(review): these are compiled into the firmware image as plain string
// literals, so anyone holding the source or the binary can read them. Use a
// per-device account with narrow topic permissions and keep real values out
// of shared source.
#define clientId "myId"
#define username "myName"
#define password "myPass"
// The CA PEM as a char array; sizeof(letencryptCaPem) counts the terminating
// NUL, and that size is what setup() passes to enableTls().
const char letencryptCaPem[] = LET_ENCRYPT_CA_PEM;
/**
* The broker can be named in two ways.
* By IP address:
* byte server[] = { XXX,XXX,XXX,XXX };
* MQTT client(server, 1883, callback);
* By domain name:
* MQTT client("www.sample.com", 1883, callback);
* iot.eclipse.org is Eclipse Open MQTT Broker: https://iot.eclipse.org/getting-started
* The examples above use port 1883; the client constructed below uses port
* 8883, the port named by `listener 8883` in the broker configuration.
**/
//MQTT client("iot.eclipse.org", 8883, callback);
// Broker address as four raw octets (redacted in the post).
// NOTE(review): when connecting by IP address there is no host name for the
// TLS layer to compare with the server certificate. Whether the library checks
// the certificate name at all is not visible here - confirm, and prefer a DNS
// name that the broker certificate actually lists.
byte server[] = { yyy,y,yyy,yyy };
// Global MQTT client: broker address, port 8883, and the message handler.
MQTT client(server, 8883, callback);
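// receive message
/**
 * MQTT message handler: prints the received payload on the serial console.
 *
 * @param topic   topic the message arrived on (not used here)
 * @param payload raw message bytes; not NUL-terminated
 * @param length  number of bytes in payload
 *
 * The payload and its length come from the network, so the copy is bounded
 * by a fixed buffer instead of a stack array sized by `length` (the original
 * variable-length array let the sender decide how much stack was used, and
 * is not standard C++). Payloads longer than the buffer are truncated for
 * printing only.
 */
void callback(char* topic, byte* payload, unsigned int length) {
    // Upper bound on what is echoed to the console; chosen for this sketch.
    static const unsigned int kMaxPrintable = 255;
    char text[kMaxPrintable + 1];

    unsigned int copyLen = 0;
    if (payload != NULL) {
        copyLen = (length < kMaxPrintable) ? length : kMaxPrintable;
        memcpy(text, payload, copyLen);
    }
    // Terminate with a character NUL (the original assigned the pointer
    // constant NULL to a char).
    text[copyLen] = '\0';

    // String stops at the first NUL byte, so binary payloads print only up
    // to that point.
    String message(text);
    Serial.print("Received : ");
    Serial.println(message);

    // Blocks the handler for one second, as in the original sketch.
    delay(1000);
}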
// Number of milliseconds in one day (24 h * 60 min * 60 s * 1000 ms).
#define ONE_DAY_MILLIS (24 * 60 * 60 * 1000)
// millis() value recorded when the clock sync was last requested; initialised
// from millis() when this global is constructed.
unsigned long lastSync = millis();
/**
* One-time initialisation: optionally requests a clock sync, enables TLS on
* the MQTT client with the CA PEM, connects with client id / user name /
* password, and publishes a test message if the connection is up.
*/
void setup() {
// Requests a time sync when more than a day has passed since lastSync.
// NOTE(review): lastSync is initialised from millis() at start-up and this
// function's body is not repeated, so the condition is not expected to hold
// here; a daily re-sync would have to be checked somewhere that runs
// repeatedly. A correct clock matters if the TLS layer checks certificate
// validity dates - confirm whether it does.
if (millis() - lastSync > ONE_DAY_MILLIS) {
Particle.syncTime();
lastSync = millis();
}
// enable tls. set Root CA pem file.
// if you don't use TLS, comment out this line.
// The size argument is sizeof of the char array, so it includes the
// terminating NUL of the PEM string.
// NOTE(review): any status reported by enableTls() is not checked here. The
// broker log in the post ("unknown protocol" while reading the client hello)
// is what OpenSSL reports when the first bytes received are not a recognisable
// TLS hello, so it is worth confirming that TLS was actually enabled before
// connect() runs.
client.enableTls(letencryptCaPem, sizeof(letencryptCaPem));
Serial.println("tls enable");
// connect to the server
//connect(const char *id, const char *user, const char *pass)
//client.connect("sparkclient");
Serial.println("MQTT connecting ...");
/* connect now */
// The result of connect() is not used directly; success is tested through
// isConnected() below, and a failed attempt prints nothing further.
client.connect(clientId, username, password);
// publish/subscribe
if (client.isConnected()) {
Serial.println("client connected");
client.publish("topic", "hello world");
}
}
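/**
 * Main loop: services the MQTT session while it is connected, otherwise
 * retries the connection, then waits 200 ms.
 *
 * Also performs the once-a-day clock sync check. The same check in setup()
 * compares against a lastSync value taken at start-up, so it cannot trigger
 * there; it has to run in code that executes repeatedly.
 */
void loop() {
    // Request a clock sync when more than a day has passed since the last
    // one. A correct clock presumably matters for certificate validity
    // checks in the TLS layer - confirm against the library.
    if (millis() - lastSync > ONE_DAY_MILLIS) {
        Particle.syncTime();
        lastSync = millis();
    }

    if (client.isConnected()) {
        Serial.println("MQTT Connected!");
        // Let the client process incoming packets and keep the session alive.
        client.loop();
    } else {
        /* connect now */
        // Every retry sends the broker user name and password again; they
        // are only protected if the TLS session was really established.
        Serial.println("MQTT connecting ...");
        client.connect(clientId, username, password);
    }
    delay(200);
}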
The mosquitto.conf file is set as follows
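# mosquitto broker configuration: persistence, file logging, and a TLS
# listener on port 8883 with password authentication.
# (Two pairs of directives that had run together on one line are restored to
# one directive per line.)
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
# NOTE(review): this restricts the accepted protocol to TLS 1.1 only, so a
# client that offers only another version cannot complete the handshake.
# TLS 1.1 is deprecated; tlsv1.2 is the usual minimum. The line also sits
# before `listener 8883`; check in mosquitto.conf(5) whether it then applies
# to that listener or to the default one.
tls_version tlsv1.1
listener 8883
# CA certificate, server certificate and server private key for the listener.
# The client must be given the CA that signed server.crt. Keep server.key
# readable only by the account the broker runs as.
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
# Reject clients that present no credentials; accounts come from the password
# file below.
allow_anonymous false
password_file /etc/mosquitto/passwd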
The firmware version on the device is 0.7.0.
Thank you in advance!