I am using an Arduino Zero with a W5500 for Ethernet and MQTT. I also host an MQTT broker on both ports 1883 and 8883. For the secure connection, I am using a self-signed certificate generated with OpenSSL. I have no problem with this, since I am able to test the secure MQTTS connection with the EMQX dashboard.
Right now I want to secure the connection from the Arduino Zero. The SSLClient library needs a TrustAnchor header; I tried using pycert_bearssl.py, but it generated an empty header. Then I found out that it needs a root certificate from the trust store.
Is there any way to create a TrustAnchor header from a self-signed certificate, or do I need to modify pycert_bearssl.py?
/*
Basic MQTT example (with SSL!)
This sketch demonstrates the basic capabilities of the library.
It connects to an MQTT server then:
- publishes "hello world" to the topic "outTopic"
- subscribes to the topic "inTopic", printing out any messages
it receives. NB - it assumes the received payloads are strings not binary
It will reconnect to the server if the connection is lost using a blocking
reconnect function. See the 'mqtt_reconnect_nonblocking' example for how to
achieve the same result without blocking the main loop.
You will need to populate "certificates.h" with your trust anchors
(see https://github.com/OPEnSLab-OSU/SSLClient/blob/master/TrustAnchors.md)
and my_cert/my_key with your certificate/private key pair
(see https://github.com/OPEnSLab-OSU/SSLClient#mtls).
*/
#include <SPI.h>
#include <Ethernet.h>
#include <SSLClient.h>
#include "certificates.h" // This file must be regenerated
#include <ArduinoMqttClient.h>
#define Serial SerialUSB // If using Arduino Zero
// Hardware (MAC) address handed to Ethernet.begin() in setup().
byte mac[] = { 0xDE, 0xED, 0xBA, 0xFE, 0xFE, 0xED };
// Broker host name passed to mqttClient.connect().
// NOTE(review): TLS name checking presumably still applies with a self-signed
// certificate, so its CN/SAN should name this host — confirm for your cert.
const char broker[] = "mqtt.armscloud.com";
// NOTE(review): the accompanying text mentions listeners on 1883 and 8883;
// confirm that 8884 is the intended TLS port.
int port = 8884;
// Topics: last-will, subscription, and periodic publish respectively.
const char willTopic[] = "arduino/will";
const char inTopic[] = "arduino/in";
const char outTopic[] = "arduino/out";
// Publish period in milliseconds; loop() compares it against millis().
const long interval = 10000;
unsigned long previousMillis = 0;
// Counter appended to each published payload.
int count = 0;
// Plain TCP client over the W5500; SSLClient layers TLS on top of it.
EthernetClient ethClient;
// TAs / TAs_NUM come from certificates.h. For a self-signed broker certificate
// the public trust store can never supply a root: the certificate itself (or
// the private CA that signed it) has to be the trust anchor in that header.
// NOTE(review): the SSLClient TrustAnchors.md guide describes a
// `convert --no-search` mode of pycert_bearssl.py for local PEM files —
// confirm against your copy of the tool.
// The last argument (A5) is the analog pin SSLClient samples for entropy;
// it should be left unconnected (floating) — verify against your wiring.
SSLClient ethClientSSL(ethClient, TAs, (size_t)TAs_NUM, A5);
// MQTT runs over the TLS-wrapped client.
MqttClient mqttClient(ethClientSSL);
// Plaintext alternative (no TLS); credentials and payloads would be sent unencrypted:
//MqttClient mqttClient(ethClient);
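/**
 * Print one received message to the serial console as "Message arrived [topic] payload".
 *
 * Nothing in the visible sketch registers this function; the MqttClient
 * handler actually installed is onMqttMessage().
 *
 * @param topic   NUL-terminated topic name.
 * @param payload message bytes, printed one by one as characters
 * @param length  number of bytes in payload.
 */
void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived [");
  Serial.print(topic);
  Serial.print("] ");
  // The index is unsigned to match `length`; a signed index makes the loop
  // condition a signed/unsigned comparison.
  for (unsigned int i = 0; i < length; i++) {
    // Payload bytes come from the network and are echoed unfiltered.
    Serial.print((char)payload[i]);
  }
  Serial.println();
}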
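/**
 * Message handler registered with mqttClient.onMessage().
 *
 * Prints the topic, duplicate flag, QoS, retain flag and size of the incoming
 * message, then streams its payload to the serial console.
 *
 * @param messageSize payload size in bytes as reported by the MQTT client.
 */
void onMqttMessage(int messageSize) {
  // Header line describing the message.
  Serial.print("Received a message with topic '");
  Serial.print(mqttClient.messageTopic());
  Serial.print("', duplicate = ");
  Serial.print(mqttClient.messageDup() ? "true" : "false");
  Serial.print(", QoS = ");
  Serial.print(mqttClient.messageQoS());
  Serial.print(", retained = ");
  Serial.print(mqttClient.messageRetain() ? "true" : "false");
  // No quote is open at this point, so the separator is a plain comma
  // (the earlier "', length " printed a stray apostrophe).
  Serial.print(", length ");
  Serial.print(messageSize);
  Serial.println(" bytes:");

  // Drain the payload through the Stream interface. The bytes are echoed
  // as-is; the sketch assumes text payloads, and anything the broker relays
  // (including control characters) reaches the serial monitor unfiltered.
  while (mqttClient.available()) {
    Serial.print((char)mqttClient.read());
  }
  Serial.println();
  Serial.println();
}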
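/**
 * Set up the last-will message and credentials, connect to the broker through
 * the TLS-wrapped client, register the message handler and subscribe to
 * inTopic.
 *
 * On connection failure it prints the MQTT error code and the SSLClient
 * write-error code, then halts in an endless loop and never returns.
 */
void reconnectMqtt()
{
  // Last-will message: retained, QoS 1, on willTopic.
  String willPayload = "oh no!";
  bool willRetain = true;
  int willQos = 1;
  mqttClient.beginWill(willTopic, willPayload.length(), willRetain, willQos);
  mqttClient.print(willPayload);
  mqttClient.endWill();

  // Placeholder credentials. They are protected in transit only while
  // mqttClient wraps ethClientSSL; over the plain EthernetClient they would
  // be sent in cleartext.
  mqttClient.setUsernamePassword("YourUsername","YourPassword");

  Serial.print("Attempting to connect to the MQTT broker: ");
  Serial.println(broker);
  if (!mqttClient.connect(broker, port)) {
    Serial.print("MQTT connection failed! Error code = ");
    Serial.println(mqttClient.connectError());
    // Report the TLS layer as well: a non-zero SSLClient error here points at
    // the handshake (for example an empty or mismatched trust-anchor header)
    // rather than at an MQTT-level refusal.
    Serial.print("SSLClient error code = ");
    Serial.println(ethClientSSL.getWriteError());
    // Deliberate halt, as in the original sketch.
    while (1) { }
  }
  Serial.println("You're connected to the MQTT broker!");
  Serial.println();

  // Install the receive handler before subscribing.
  mqttClient.onMessage(onMqttMessage);

  Serial.print("Subscribing to topic: ");
  Serial.println(inTopic);
  Serial.println();

  // The second argument is the subscription QoS; the library supports
  // subscribing at QoS 0, 1 or 2.
  int subscribeQos = 1;
  mqttClient.subscribe(inTopic, subscribeQos);
  // Topics can be unsubscribed using:
  // mqttClient.unsubscribe(inTopic);

  Serial.print("Waiting for messages on topic: ");
  Serial.println(inTopic);
  Serial.println();
}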
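/**
 * One-time initialisation: open the serial console, bring up the Ethernet
 * interface via DHCP, and connect to the MQTT broker.
 */
void setup(){
  // Start Serial and wait until the USB serial port is opened by a host.
  Serial.begin(115200);
  while(!Serial);

  // Enable mutual TLS with SSLClient (needs the client certificate/key pair
  // described in the SSLClient mTLS documentation):
  //ethClientSSL.setMutualAuthParams(mTLS);

  // Ethernet.init(pin) selects the chip-select pin of the Ethernet controller.
  // NOTE(review): pin 0 is what this sketch configures; confirm it matches the
  // W5500 wiring on the Arduino Zero.
  Ethernet.init(0);
  //Ethernet.init(5); // MKR ETH shield
  //Ethernet.init(0); // Teensy 2.0
  //Ethernet.init(20); // Teensy++ 2.0
  //Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet
  //Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet

  // Ethernet.begin(mac) returns 0 when DHCP fails. Say so on the console, so
  // that a network problem is not mistaken for a TLS or MQTT failure when the
  // connect attempt below fails.
  if (Ethernet.begin(mac) == 0) {
    Serial.println("Ethernet: failed to obtain an address via DHCP");
  }

  reconnectMqtt();
}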
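/**
 * Main loop: keep the MQTT session alive, service incoming traffic, and
 * publish "hello world! <count>" to outTopic every `interval` milliseconds.
 */
void loop(){
  // The sketch header promises reconnection after a lost connection, but the
  // only reconnect logic here was commented-out code for a different client
  // API. Re-run the connect/subscribe sequence when the session has dropped.
  if (!mqttClient.connected()) {
    reconnectMqtt();
  }

  // Process incoming packets and keep-alives.
  mqttClient.poll();

  unsigned long currentMillis = millis();
  // Unsigned subtraction stays correct across millis() wrap-around.
  if (currentMillis - previousMillis >= interval) {
    // Save the last time a message was sent.
    previousMillis = currentMillis;

    String payload;
    payload += "hello world!";
    payload += " ";
    payload += count;

    Serial.print("Sending message to topic: ");
    Serial.println(outTopic);
    Serial.println(payload);

    // The payload size is known up front, so the message can be streamed
    // through the Print interface.
    bool retained = false;
    int qos = 1;
    bool dup = false;
    mqttClient.beginMessage(outTopic, payload.length(), retained, qos, dup);
    mqttClient.print(payload);
    mqttClient.endMessage();

    Serial.println();
    count++;
  }
}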