espressif / esp-at

AT application for ESP32/ESP32-C2/ESP32-C3/ESP32-C6/ESP8266
Apache License 2.0

Esp32 AT Commands Azure IoT Hub. #651

Open sl2121 opened 2 years ago

sl2121 commented 2 years ago

Hi, I have a question regarding the Azure IoT Hub connection. Following https://blog.csdn.net/espressif/article/details/105045610, I connected to the hub using the SAS token created from the symmetric key, but without sending any CA certificate!!! to myIoThub.azure-devices.net.

I also established a single TLS connection to the hub, also without the certificate.

In the Microsoft documentation, under TLS/SSL configuration: To use the MQTT protocol directly, clients must connect via TLS/SSL. Attempts to skip this step fail with a connection error.

To establish a TLS connection, you may need to download and reference the DigiCert Baltimore root certificate. This certificate is used by Azure to secure the connection.

In all examples (Python, C SDK for Azure, Arduino), the first thing to do is to give the CA certificate.

Why doesn't ESP32 AT need to verify any CA certificate?

Thanks.

ustccw commented 2 years ago

@sl2121 For a common TLS connection, the certificate should be an optional item, not a required item. More details are in RFC 5246; search for "Message flow for a full handshake".

So as for ESP32-AT, MQTT can be established without certificate verification; that should make sense. Of course, you can specify the certificate verification mode with the `<scheme>` parameter, which is defined in the AT+MQTTUSERCFG command.

Please let me know if anything is unclear.
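
The `<scheme>` parameter mentioned in the reply above decides whether the module checks the broker's certificate. As an added example (not code from the thread or from the esp-at project), this Python check scans a provisioning script for `AT+MQTTUSERCFG` lines and reports which ones leave the server unauthenticated. The scheme numbering is taken from the ESP-AT command reference and should be confirmed against your firmware version; the hub name, device ID and token in the sample are constructed placeholders.

```python
import csv
import re

# <scheme> values of AT+MQTTUSERCFG per the ESP-AT command reference
# (assumption: confirm against the firmware release you actually flash).
SERVER_VERIFIED = {3, 5, 8, 10}  # TLS/WSS, server certificate is verified
TLS_UNVERIFIED = {2, 4, 7, 9}    # TLS/WSS, server certificate NOT verified
PLAINTEXT = {1, 6}               # MQTT over TCP / WebSocket, no TLS

CMD = re.compile(r"^\s*AT\+MQTTUSERCFG=(.+)$", re.IGNORECASE)


def audit(script):
    """Return (line_number, scheme, verdict) for each AT+MQTTUSERCFG line."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        match = CMD.match(line)
        if not match:
            continue
        # Parameters are comma separated; strings are double-quoted and may
        # contain backslash-escaped commas or quotes.
        fields = next(csv.reader([match.group(1)], escapechar="\\"))
        try:
            scheme = int(fields[1])
        except (IndexError, ValueError):
            findings.append((lineno, None, "unparseable"))
            continue
        if scheme in SERVER_VERIFIED:
            verdict = "ok"
        elif scheme in TLS_UNVERIFIED:
            verdict = "tls-unverified"  # encrypted, but the peer is not authenticated
        elif scheme in PLAINTEXT:
            verdict = "plaintext"
        else:
            verdict = "unknown-scheme"
        findings.append((lineno, scheme, verdict))
    return findings


# Constructed sample script; every value below is a placeholder.
USER = "example-hub.azure-devices.net/dev1/?api-version=2021-04-12"
SAMPLE = "\n".join([
    "AT+CWMODE=1",
    f'AT+MQTTUSERCFG=0,2,"dev1","{USER}","SharedAccessSignature PLACEHOLDER",0,0,""',
    f'AT+MQTTUSERCFG=0,5,"dev1","{USER}","SharedAccessSignature PLACEHOLDER",0,0,""',
    'AT+MQTTUSERCFG=0,1,"dev1","","",0,0,""',
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A scheme that verifies the server only works if the matching root CA has been provisioned on the module, so a device that reports `ok` here still needs its certificate store checked.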