mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

mqtt: ssl mutual authentication example added per PR from github, corrected cmake build, updated per idf style 

Merges https://github.com/espressif/esp-idf/pull/2490
pull/2654/head
David Cermak 2018-10-11 17:34:09 +02:00
rodzic 49df479486
commit 0cdb33c9dd
15 zmienionych plików z 107 dodań i 66 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

4
components/esp-tls/esp_tls.h
Wyświetl plik

@ -106,12 +106,12 @@ typedef struct esp_tls {
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
int sockfd; /*!< Underlying socket file descriptor. */

2
components/mqtt/esp-mqtt

@ -1 +1 @@
Subproject commit 85ee406d03fd84f5613c6dead1ea653e384b9559
Subproject commit a7b1cea5b3e246298607a8c64447765297626f36

6
components/tcp_transport/include/esp_transport_ssl.h
Wyświetl plik

@ -32,7 +32,7 @@ esp_transport_handle_t esp_transport_ssl_init();
/**
* @brief Set SSL certificate data (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection
* So this data must remain valid until after the connection is cleaned up
*
* @param t ssl transport
* @param[in] data The pem data
@ -43,7 +43,7 @@ void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data,
/**
* @brief Set SSL client certificate data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection
* So this data must remain valid until after the connection is cleaned up
*
* @param t ssl transport
* @param[in] data The pem data
@ -54,7 +54,7 @@ void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char
/**
* @brief Set SSL client key data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection
* So this data must remain valid until after the connection is cleaned up
*
* @param t ssl transport
* @param[in] data The pem data

17
components/tcp_transport/transport_ssl.c
Wyświetl plik

@ -39,8 +39,6 @@ typedef struct {
esp_tls_t *tls;
esp_tls_cfg_t cfg;
bool ssl_initialized;
bool verify_server;
bool mutual_authentication;
transport_ssl_conn_state_t conn_state;
} transport_ssl_t;
@ -50,12 +48,6 @@ static int ssl_connect_async(esp_transport_handle_t t, const char *host, int por
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (ssl->conn_state == TRANS_SSL_INIT) {
if (ssl->cfg.cacert_pem_buf) {
ssl->verify_server = true;
}
if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
ssl->mutual_authentication = true;
}
ssl->cfg.timeout_ms = timeout_ms;
ssl->cfg.non_block = true;
ssl->ssl_initialized = true;
@ -74,12 +66,7 @@ static int ssl_connect_async(esp_transport_handle_t t, const char *host, int por
static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int timeout_ms)
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (ssl->cfg.cacert_pem_buf) {
ssl->verify_server = true;
}
if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
ssl->mutual_authentication = true;
}
ssl->cfg.timeout_ms = timeout_ms;
ssl->ssl_initialized = true;
ssl->tls = esp_tls_conn_new(host, strlen(host), port, &ssl->cfg);
@ -153,8 +140,6 @@ static int ssl_close(esp_transport_handle_t t)
if (ssl->ssl_initialized) {
esp_tls_conn_delete(ssl->tls);
ssl->ssl_initialized = false;
ssl->verify_server = false;
ssl->mutual_authentication = false;
}
return ret;
}

19
examples/mqtt_ssl_mutual_auth/CMakeLists.txt
Wyświetl plik

@ -1,19 +0,0 @@
cmake_minimum_required(VERSION 3.5)
get_filename_component(DEV_ROOT "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
set(PROJECT_ROOT "${DEV_ROOT}/")
set(SUBMODULE_ROOT "${DEV_ROOT}/../../../")
set(PROJECT_NAME "mqtt_ssl_mutual_auth")
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
set(MAIN_SRCS ${PROJECT_ROOT}/main/app_main.c)
set(EXTRA_COMPONENT_DIRS "${EXTRA_COMPONENT_DIRS} ${SUBMODULE_ROOT}")
set(BUILD_COMPONENTS "${BUILD_COMPONENTS} espmqtt")
project(${PROJECT_NAME})

16
examples/mqtt_ssl_mutual_auth/README.md
Wyświetl plik

@ -1,16 +0,0 @@
# ESPMQTT SSL Sample application
Navigate to the main directory
```
cd main
```
Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
```
openssl genrsa -out client.key
openssl req -out client.csr -key client.key -new
```
Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.

10
examples/protocols/mqtt/ssl_mutual_auth/CMakeLists.txt 100644
Wyświetl plik

@ -0,0 +1,10 @@
# The following four lines of boilerplate have to be in your project's CMakeLists
# in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(mqtt_ssl_mutual_auth)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.crt" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.key" TEXT)

6
examples/mqtt_ssl_mutual_auth/Makefile → examples/protocols/mqtt/ssl_mutual_auth/Makefile
Wyświetl plik

@ -2,12 +2,6 @@
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
PROJECT_NAME := mqtt_ssl_mutual_auth
EXTRA_COMPONENT_DIRS += $(PROJECT_PATH)/../../../
include $(IDF_PATH)/make/project.mk

81
examples/protocols/mqtt/ssl_mutual_auth/README.md 100644
Wyświetl plik

@ -0,0 +1,81 @@
# ESP-MQTT SSL Sample application (mutual authentication)
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker test.mosquitto.org using ssl transport with client certificate and as a demonstration subscribes/unsubscribes and send a message on certain topic.
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
## How to use example
### Hardware Required
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
### Configure the project
```
make menuconfig
```
* Set serial port under Serial Flasher Options.
* Set ssid and password for the board to connect to AP.
* Generate your client keys and certificate
Navigate to the main directory
```
cd main
```
Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
```
openssl genrsa -out client.key
openssl req -out client.csr -key client.key -new
```
Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.
Please note, that the supplied files `client.crt` and `client.key` in the `main` directory are only placeholders for your client certificate and key (i.e. the example "as is" would compile but would not connect to the broker)
### Build and Flash
Build the project and flash it to the board, then run monitor tool to view serial output:
```
make -j4 flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
## Example Output
```
I (3714) event: sta ip: 192.168.0.139, mask: 255.255.255.0, gw: 192.168.0.2
I (3714) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (3964) MQTT_CLIENT: Sending MQTT CONNECT message, type: 1, id: 0000
I (4164) MQTTS_EXAMPLE: MQTT_EVENT_CONNECTED
I (4174) MQTTS_EXAMPLE: sent publish successful, msg_id=41464
I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=17886
I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=42970
I (4184) MQTTS_EXAMPLE: sent unsubscribe successful, msg_id=50241
I (4314) MQTTS_EXAMPLE: MQTT_EVENT_PUBLISHED, msg_id=41464
I (4484) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=17886
I (4484) MQTTS_EXAMPLE: sent publish successful, msg_id=0
I (4684) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=42970
I (4684) MQTTS_EXAMPLE: sent publish successful, msg_id=0
I (4884) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19
I (4884) MQTTS_EXAMPLE: MQTT_EVENT_DATA
TOPIC=/topic/qos0
DATA=data
I (5194) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19
I (5194) MQTTS_EXAMPLE: MQTT_EVENT_DATA
TOPIC=/topic/qos0
DATA=data
```

4
examples/protocols/mqtt/ssl_mutual_auth/main/CMakeLists.txt 100644
Wyświetl plik

@ -0,0 +1,4 @@
set(COMPONENT_SRCS "app_main.c")
set(COMPONENT_ADD_INCLUDEDIRS ".")
register_component()

2
examples/mqtt_ssl_mutual_auth/main/Kconfig.projbuild → examples/protocols/mqtt/ssl_mutual_auth/main/Kconfig.projbuild
Wyświetl plik

@ -1,4 +1,4 @@
menu "MQTT Application sample"
menu "Example Configuration"
config WIFI_SSID
string "WiFi SSID"

4
examples/mqtt_ssl_mutual_auth/main/app_main.c → examples/protocols/mqtt/ssl_mutual_auth/main/app_main.c 100755 → 100644
Wyświetl plik

@ -20,7 +20,7 @@
#include "esp_log.h"
#include "mqtt_client.h"
static const char *TAG = "MQTTS_SAMPLE";
static const char *TAG = "MQTTS_EXAMPLE";
static EventGroupHandle_t wifi_event_group;
const static int CONNECTED_BIT = BIT0;
@ -63,7 +63,7 @@ static void wifi_init(void)
};
ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config));
ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]", CONFIG_WIFI_SSID, "******");
ESP_LOGI(TAG, "start the WIFI SSID:[%s]", CONFIG_WIFI_SSID);
ESP_ERROR_CHECK(esp_wifi_start());
ESP_LOGI(TAG, "Waiting for wifi");
xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, false, true, portMAX_DELAY);

1
examples/protocols/mqtt/ssl_mutual_auth/main/client.crt 100644
Wyświetl plik

@ -0,0 +1 @@
Please paste your client certificate here (follow instructions in README.md)

1
examples/protocols/mqtt/ssl_mutual_auth/main/client.key 100644
Wyświetl plik

@ -0,0 +1 @@
Please paste here your client key (follow instructions in README.md)

0
examples/mqtt_ssl_mutual_auth/main/component.mk → examples/protocols/mqtt/ssl_mutual_auth/main/component.mk
Wyświetl plik