khoih-prog / EthernetWebServer_SSL

Simple TLS/SSL Ethernet WebServer, HTTP Client and WebSocket Client library for AVR, Portenta_H7, Teensy, SAM DUE, SAMD21, SAMD51, STM32F/L/H/G/WB/MP1, nRF52 and RASPBERRY_PI_PICO boards using Ethernet shields W5100, W5200, W5500, ENC28J60 or Teensy 4.1 NativeEthernet/QNEthernet. It now supports Ethernet TLS/SSL Client. The library supports HTTP/HTTPS GET and POST requests, provides argument parsing, handles one client at a time. It supports Arduino boards (SAM DUE, Atmel SAM3X8E ARM Cortex-M3, SAMD21, SAMD51, ESP8266, ESP32, Adafruit nRF52, Teensy boards) using Wiznet W5x00 or ENC28J60 network shields. Ethernet_Generic library is used as default for W5x00 with custom SPI
GNU General Public License v3.0

Question about aws iot example #24

Closed simogaspa84 closed 2 years ago

simogaspa84 commented 2 years ago

Hi Mr @khoih-prog ..

I was following your example here ...

https://github.com/khoih-prog/EthernetWebServer_SSL/blob/main/examples/AWS_IoT/AWS_IoT.ino

I have a question about this variable

SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof my_cert, my_key, sizeof my_key);

I don't find where you use it or where it should be called. I think it is missing in the example because it is mandatory for the AWS connection.

Please let me know ..

Thanks for your work

khoih-prog commented 2 years ago

The mTLS use (in function setMutualAuthParams) is optional, to add a client certificate and enable support for mutual authentication, if needed. If used, it must be called before EthernetSSLClient starts an SSL connection.

Function prototype

void setMutualAuthParams(const SSLClientParameters& params);

Used as follows

ethClientSSL.setMutualAuthParams(mTLS);

You can try to add it before or after this line

https://github.com/khoih-prog/EthernetWebServer_SSL/blob/3bc3b43e9b0da7a3a2f5bb40c679b1721ab6573e/examples/AWS_IoT/AWS_IoT.ino#L353

simogaspa84 commented 2 years ago

Thanks a lot @khoih-prog, but for the connection to AWS IoT Core I think it is mandatory for speaking with a device with its own private key and certificate.

khoih-prog commented 2 years ago

> it is mandatory

I don't know if it's mandatory or not. Possibly new and only for recent AWS. Mutual authentication is normally not required for SSL client.

Please try and let us know which way AWS behaves, as I haven't used it for quite some time.

simogaspa84 commented 2 years ago

OK, I will try. Do I still need to use the lib EthernetGeneric.h if I am using this repo for my Ethernet shield?

https://github.com/maxgerhardt/EthernetENC.git

Thanks a lot @khoih-prog

khoih-prog commented 2 years ago

You can use EthernetENC library for ENC28J60

It'll be selected if you modify

https://github.com/khoih-prog/EthernetWebServer_SSL/blob/fc79ef0399f898ac6fa0f3897305d52cd6f85db0/examples/AWS_IoT/defines.h#L364-L368

to

```cpp
// Only one of the following to be true
#define USE_ETHERNET_GENERIC  false
#define USE_ETHERNET_ESP8266  false
#define USE_ETHERNET_ENC      true
#define USE_CUSTOM_ETHERNET   false
```

If you have an issue with PIO, try using Arduino IDE v1.8.19 first.

simogaspa84 commented 2 years ago

It is working

```
[�mum����2-hal-cpu.c:211] setCpuFrequencyMhz(): PLL: 480 / 2 = 240 Mhz, APB: 80000000 Hz
Joined LAN with IP 192.168.0.46
Attempting MQTT connection...connected
$aws/things/ESP32_TEMP/shadow/update/accepted
$aws/things/ESP32_TEMP/shadow/update/rejected
$aws/things/ESP32_TEMP/shadow/update/delta
$aws/things/ESP32_TEMP/shadow/get/accepted
$aws/things/ESP32_TEMP/shadow/get/rejected
Started updateThing
Published [$aws/things/ESP32_TEMP/shadow/update] {"state": {"reported": {"powerState":"ON"}}}
Done updateThing
```

khoih-prog commented 2 years ago

> It is working

Good. With or without Mutual Authentication ?

simogaspa84 commented 2 years ago

With Mutual Authentication