Open schlamar opened 2 weeks ago
So you should remove these parts from configuration / documentation.
According to https://github.com/jomjol/AI-on-the-edge-device/issues/2625#issuecomment-1773154210 it should work. However, there seems to be a restriction: https://github.com/jomjol/AI-on-the-edge-device/discussions/3054#discussioncomment-9271256
Can you test if it works with TLS 1.2?
My server (I use traefik as TLS proxy to Mosquitto) supports TLS 1.2 and to be sure I just verified it with a modified Python example.
Possible other causes I want to check:
OK I checked the behavior of the client with a simple TCP/IP honeypot server. The client doesn't send any data at all and just terminates the connection. Which means it doesn't even try to start TLS negotiation.
Could it be that a certificate in PEM format is not supported and you have to provide DER format? The ESP32 documentation says:
For secure connections with TLS used, and to guarantee Broker's identity, the verification struct must be set. The broker certificate may be set in PEM or DER format. To select DER, the equivalent certificate_len field must be set. Otherwise, a null-terminated string in PEM format should be provided to certificate field.
@LordGuilly Can you provide some documentation on how you generated your certificate? This does not seem to be clear.
I looked at https://tasmota.github.io/docs/TLS/#implementation-notes but there is a lot of information and not all seems to apply to our ESP32.
When I added this, I used mutual TLS, so used both server and client certs, connecting to AWS. I don't remember doing any strange formatting for the certs, so I guess the standard Amazon root CA should be a reference for the file format (https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html and looks like PEM is ok). I don't have the device online anymore (moved to the dark side of smart meters), but I am sure I still have the device with the SD card somewhere in a box, so let me try to find it. I vaguely remember having issues with the length, so maybe extra new lines or spaces could mess up things.
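The thread raises two open questions about the CA file: stray whitespace or newlines in the PEM, and PEM versus DER. The following is an added example, not code from the project or from any participant: a small Python check that lists formatting oddities in a PEM file and decodes it to DER for comparison. The finding names and the sample data are constructed, and whether the firmware accepts DER is not stated in the thread.

```python
import base64
import re

BEGIN = b"-----BEGIN CERTIFICATE-----"
END = b"-----END CERTIFICATE-----"

def inspect_pem(data: bytes) -> list[str]:
    """List formatting oddities in a PEM CA file before copying it to the SD card."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("utf8-bom")
    if b"\x00" in data:
        findings.append("embedded-nul")  # would cut a null-terminated PEM string short
    if b"\r" in data:
        findings.append("crlf-line-endings")
    if not data.removeprefix(b"\xef\xbb\xbf").startswith(BEGIN):
        findings.append("text-before-begin-marker")
    lines = data.replace(b"\r", b"").split(b"\n")
    if any(line != line.rstrip(b" \t") for line in lines):
        findings.append("trailing-whitespace")
    if data.count(BEGIN) != 1 or data.count(END) != 1:
        findings.append("not-exactly-one-certificate")
    elif data.split(END, 1)[1] not in (b"", b"\n", b"\r\n"):
        findings.append("extra-data-after-end-marker")
    return findings

def pem_to_der(data: bytes) -> bytes:
    """Decode the first PEM block to DER, ignoring all whitespace inside it."""
    match = re.search(BEGIN + rb"(.*?)" + END, data, re.S)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("payload does not start with a DER SEQUENCE tag")
    return der

# Constructed sample: 18 placeholder bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x10" + bytes(range(16))
CLEAN_PEM = BEGIN + b"\n" + base64.b64encode(SAMPLE_DER) + b"\n" + END + b"\n"
# Same content with a leading blank line, trailing spaces, CRLF and an extra newline.
MESSY_PEM = b"\n" + CLEAN_PEM.replace(b"\n", b" \r\n") + b"\n"

if __name__ == "__main__":
    print("clean:", inspect_pem(CLEAN_PEM))
    print("messy:", inspect_pem(MESSY_PEM))
    print("DER length:", len(pem_to_der(MESSY_PEM)))
```

An empty findings list only means the file has none of these formatting oddities; it does not validate the certificate itself.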
The Problem
I have configured MQTT with TLS; however, the connection fails without a useful error:
My server is configured correctly. TLS Connection with a simple Python script works:
Version
15.7.0
Logfile