[Closed] Mosquitto client with TLS support

Hi Guys.

I'm working on a project in which I want to use an Arduino Yun to send some data to an MQTT server (broker), using a secure connection.

The MQTT server is already up and running on a Debian, and is using TLS.

On the Yun, the mosquitto-client package available in the repository is old and isn't providing any SSL/TLS support.

Is there any way I can use a newer version of the package, or even compile it myself ?

Thanks !

++ Diehard

The version of mosquitto that comes with the Yun is 0.15. The latest version of mosquitto (with SSL support) that comes with OpenWrt is 1.3.1. The latest version of mosquitto is 1.4.7.

http://mosquitto.org/

Mosquitto Version 1.4.7 released Thursday, December 31st, 2015

Backport upstream OpenWrt's 1.3.1 or compile the latest mosquitto 1.4.7 yourself.

Hi.

Thanks for your reply.

I tried to compile version 1.4.5 on the Yun.

Ran into an error when running make

[code]
root@Arduino:~/mosquitto-1.4.5# make
set -e; for d in lib client src; do make -C ${d}; done
make[1]: Entering directory `/root/mosquitto-1.4.5/lib'
gcc -shared  -Wl,--version-script=linker.version -Wl,-soname,libmosquitto.so.1 mosquitto.o logging_mosq.o memory_mosq.o messages_mosq.o net_mosq.o read_handle.o read_handle_client.o read_handle_shared.o send_mosq.o send_client_mosq.o socks_mosq.o srv_mosq.o thread_mosq.o time_mosq.o tls_mosq.o util_mosq.o will_mosq.o -o libmosquitto.so.1  -lrt -lssl -lcrypto -lpthread
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [libmosquitto.so.1] Error 1
make[1]: Leaving directory `/root/mosquitto-1.4.5/lib'
make: *** [mosquitto] Error 2
[/code]

I understand it can't find some library needed to complete the operation.

Any help would be appreciated at this point; I couldn't figure out how to solve it yet.

++ Diehard

Diehard: ... /usr/bin/ld: cannot find -lssl /usr/bin/ld: cannot find -lcrypto ...

You need a copy of openssl-dev and crypto-dev, plus pass the path of the .so.

Diehard: ... I tried to compile version 1.4.5 on the Yun. ...

From version 1.4 and up, it needs newer openssl ('EC_KEY'?) support, but the Yun's openssl is far behind. http://forum.arduino.cc/index.php?topic=368002.msg2536433#msg2536433

Best bet is to backport upstream OpenWrt's 1.3.1, then forward-port 1.3.5 from upstream (http://mosquitto.org/).
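
The link failure quoted above, as an added example that is not part of the original posts: `ld` resolves `-lssl` only to a file named `libssl.so` or `libssl.a` in its search path, so a runtime-only install that has just versioned files such as `libssl.so.1.0.0` still fails at link time. The function names and the directories passed in are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify how the library named by
# -l<name> is present in the directories given on the command line.

# link_status NAME DIR...
#   linkable      lib<NAME>.so or lib<NAME>.a exists, so ld can resolve -l<NAME>
#   runtime-only  only versioned lib<NAME>.so.* files exist (no dev symlink)
#   missing       nothing matching was found
link_status() {
    name=$1
    shift
    found_runtime=no
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        if [ -e "$dir/lib$name.so" ] || [ -e "$dir/lib$name.a" ]; then
            echo linkable
            return 0
        fi
        for f in "$dir/lib$name.so."*; do
            if [ -e "$f" ]; then found_runtime=yes; fi
        done
    done
    if [ "$found_runtime" = yes ]; then echo runtime-only; else echo missing; fi
}

# check_tls_link_deps DIR...
# Reports both libraries from the failed link step; returns non-zero unless
# each one is linkable.
check_tls_link_deps() {
    rc=0
    for lib in ssl crypto; do
        st=$(link_status "$lib" "$@")
        echo "-l$lib: $st"
        [ "$st" = linkable ] || rc=1
    done
    return $rc
}

# Run only when asked, e.g.: sh check.sh --run /usr/lib /lib
# (the script name and directory list are assumptions).
if [ "${1:-}" = "--run" ]; then
    shift
    check_tls_link_deps "$@" || exit 1
fi
```

A `runtime-only` result means binaries already built against OpenSSL can run, but nothing new can be linked against it until the development files are present.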

sonnyyu:
Best bet is to backport upstream OpenWrt's 1.3.1, then forward-port 1.3.5 from upstream (http://mosquitto.org/).

Thanks.

Is there any tutorial or existing guide to help me achieve that ?

Would I benefit from compiling an OpenWRT/Linino ? Would I have access to a more recent repository then ?

++
Diehard

sonnyyu: You need a copy of openssl-dev and crypto-dev, plus pass the path of the .so.

Since I don't have the openssl-dev or crypto-dev packages available for installation in the repository, how can I do so ?

mosquitto-client-nossl_1.4.4-1_ar71xx.ipk          06-Jan-2016 12:14               15127
mosquitto-client_1.4.4-1_ar71xx.ipk                06-Jan-2016 12:14               16658
mosquitto-nossl_1.4.4-1_ar71xx.ipk                 06-Jan-2016 12:14               55162
mosquitto_1.4.4-1_ar71xx.ipk                   06-Jan-2016 12:14               62227

https://forum.arduino.cc/index.php?topic=370500.0

Yeah, I saw those yesterday (here for instance)

I downloaded the following two

mosquitto-client_1.4.4-1_ar71xx.ipk
libmosquitto_1.4.4-1_ar71xx.ipk

Installation using opkg returned some errors; the commands mosquitto_pub & mosquitto_sub were available, but kept throwing errors regarding TLS.

I thought maybe there were still some issues with openssl packages on the Yun.

Diehard: Yeah, I saw those yesterday (here for instance)

I downloaded the following two

mosquitto-client_1.4.4-1_ar71xx.ipk
libmosquitto_1.4.4-1_ar71xx.ipk

Installation using opkg returned some errors; the commands mosquitto_pub & mosquitto_sub were available, but kept throwing errors regarding TLS.

I thought maybe there were still some issues with openssl packages on the Yun.

It is for Bleeding Edge - Designated Driver.

The packages I found and listed in the previous post are from the current development branch, called Designated Driver.

Latest Stable branch, Chaos Calmer, also has the packages I need, in version 1.4.2, which handles TLS.

But I'm guessing I won't be able to install those on the Yun, will I ?

Try this:

https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages/

mosquitto-client-nossl_1.4.4-1_ar71xx.ipk          06-Jan-2016 12:14               15127
mosquitto-client_1.4.4-1_ar71xx.ipk                06-Jan-2016 12:14               16658
mosquitto-nossl_1.4.4-1_ar71xx.ipk                 06-Jan-2016 12:14               55162
mosquitto_1.4.4-1_ar71xx.ipk                   06-Jan-2016 12:14               62227
libmosquitto-nossl_1.3.5-1_ar71xx.ipk              14-Jun-2015 12:04               16129
libmosquitto_1.3.5-1_ar71xx.ipk                    14-Jun-2015 12:04               19194

sonnyyu:
Try this:

https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages/

mosquitto-client-nossl_1.4.4-1_ar71xx.ipk          06-Jan-2016 12:14               15127
mosquitto-client_1.4.4-1_ar71xx.ipk                06-Jan-2016 12:14               16658
mosquitto-nossl_1.4.4-1_ar71xx.ipk                 06-Jan-2016 12:14               55162
mosquitto_1.4.4-1_ar71xx.ipk                       06-Jan-2016 12:14               62227
libmosquitto-nossl_1.3.5-1_ar71xx.ipk              14-Jun-2015 12:04               16129
libmosquitto_1.3.5-1_ar71xx.ipk                    14-Jun-2015 12:04               19194

Yes, that did the trick !

Thank you so much for your help.

I still had a TLS-related error, but I figured it out (it was a certificate problem).

sonnyyu: Try this:

https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages/

mosquitto-client-nossl_1.4.4-1_ar71xx.ipk          06-Jan-2016 12:14               15127
mosquitto-client_1.4.4-1_ar71xx.ipk                06-Jan-2016 12:14               16658
mosquitto-nossl_1.4.4-1_ar71xx.ipk                 06-Jan-2016 12:14               55162
mosquitto_1.4.4-1_ar71xx.ipk           06-Jan-2016 12:14               62227
libmosquitto-nossl_1.3.5-1_ar71xx.ipk              14-Jun-2015 12:04               16129
libmosquitto_1.3.5-1_ar71xx.ipk                    14-Jun-2015 12:04               19194

It is a workaround.

libmosquitto_1.3.5-1_ar71xx.ipk

sonnyyu: From version 1.4 and up, it needs newer openssl ('EC_KEY'?) support, but the Yun's openssl is far behind. http://forum.arduino.cc/index.php?topic=368002.msg2536433#msg2536433

Best bet is to backport upstream OpenWrt's 1.3.1, then forward-port 1.3.5 from upstream (http://mosquitto.org/).

1.3.5 is missing support of 'EC_KEY' (ECC key)

ECC vs. RSA

Advantage of RSA:

  • Well established.

Advantages of ECC (elliptic curve):

  • Shorter keys are as strong as long keys for RSA.
  • Low on CPU consumption.
  • Low on memory usage.

Hi.

It’s working fine, but security isn’t optimal.

To be able to use the client in version 1.4.x, I need to upgrade the firmware to the latest branch of OpenWRT.

I’ll definitely give it a shot anytime soon.

Thanks for pointing this out.

Are there any plans to upgrade the Yun firmware distributed by Arduino ?

++
Diehard