tve / mqboard

Micro Framework for MicroPython Boards Managed via MQTT
MIT License

SSL/TLS Example for mqtt_async.py (ssl_params) #22

Open colin-infersens opened 3 years ago

colin-infersens commented 3 years ago

Hi Thorsten,

I'm loving your work - this is an excellent model for remote communication and management of IoT devices - thanks.

I'd be really grateful if you could provide an example of ssl_params that would be required to enable me to use mqboard with an MQTT broker using TLS, please.

Many thanks,

Colin

tve commented 3 years ago

I use MQTTS with mosquitto and have it configured with a user and password for each device. I set the mqtt config dict as shown in https://github.com/tve/mqboard/blob/master/board/board_config_tmpl.py#L26-L33 except that I also add a "port": 4883 'cause that's what my broker listens to. Does this help?

Edit: I do use let's encrypt with a DNS verification to issue a public cert to my broker even though it's on a private network.

colin-infersens commented 3 years ago

Thanks for the speedy response, Thorsten.

I had seen your board_config template example before, thank you, but I was interested in using client key and certificate .pem files, rather than username/pwd access; apologies, I should have made my original question a bit clearer!

Thanks again,

Colin

tve commented 3 years ago

I have to admit that I have not used key/cert... The ssl_params dict gets passed pretty much straight through to modssl.wrap_socket converted into keyword args: https://github.com/tve/micropython/blob/tve-1.13/extmod/uasyncio/stream.py#L101-L117 So according to the docs you need something like ssl_params={"keyfile":"filename1","certfile":"filename2"}... But would you be surprised that that's not the implementation on the esp32? ... It seems to expect ssl_params={"key":"the key","cert":"the cert"}. The values should be strings and are fed into mbedtls_pk_parse_key and mbedtls_x509_crt_parse. I'm pretty sure this test works: https://github.com/tve/micropython/blob/tve-1.13/tests/multi_net/ssl_data.py Hope this helps ;-)
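An added example (not the mqboard project's own code, nor code from this thread) that builds the ssl_params dict in the two shapes described above: file names under "keyfile"/"certfile" as the docs describe, or PEM contents under "key"/"cert" for the esp32 port. The function names (ssl_params_from_pem, ssl_params_from_files, with_tls) and the PEM sanity checks are this example's assumptions; "port" and "ssl_params" are the config keys named in the thread.

```python
# Added example, not code from the mqboard project or from the thread's
# participants. Builds the ssl_params dict that mqtt_async.py hands through to
# wrap_socket. Function names here are assumptions made for this example.

_KEY_MARKERS = (
    "-----BEGIN PRIVATE KEY-----",      # PKCS#8
    "-----BEGIN EC PRIVATE KEY-----",   # SEC1
    "-----BEGIN RSA PRIVATE KEY-----",  # PKCS#1
)
_CERT_MARKER = "-----BEGIN CERTIFICATE-----"


def _require_pem(text, markers, what):
    """Fail early with a readable message instead of an opaque mbedtls parse error."""
    if not isinstance(text, str) or not text.strip():
        raise ValueError("%s is empty" % what)
    if not any(m in text for m in markers):
        raise ValueError("%s does not look like a PEM %s" % (what, what))
    return text


def ssl_params_from_pem(key_pem, cert_pem):
    """esp32-port shape: key and certificate *contents* under "key" / "cert".

    The values are fed to mbedtls_pk_parse_key / mbedtls_x509_crt_parse, so a
    swapped key and cert would only surface at connect time; catch it here.
    """
    if _CERT_MARKER in key_pem or any(m in cert_pem for m in _KEY_MARKERS):
        raise ValueError("key and cert appear to be swapped")
    return {
        "key": _require_pem(key_pem, _KEY_MARKERS, "key"),
        "cert": _require_pem(cert_pem, (_CERT_MARKER,), "cert"),
    }


def ssl_params_from_files(key_path, cert_path, esp32=True):
    """Build ssl_params from files on the board's filesystem.

    esp32=False returns the documented shape (file names, read by wrap_socket);
    esp32=True reads the files here because that port wants the contents.
    """
    if not esp32:
        return {"keyfile": key_path, "certfile": cert_path}
    with open(key_path) as f:
        key_pem = f.read()
    with open(cert_path) as f:
        cert_pem = f.read()
    return ssl_params_from_pem(key_pem, cert_pem)


def with_tls(mqtt_config, ssl_params, port=8883):
    """Return a copy of an mqtt config dict with TLS settings added.

    "port" and "ssl_params" are the keys named in the thread; 8883 is the
    IANA MQTT-over-TLS port and only a default (the broker above uses 4883).
    """
    cfg = dict(mqtt_config)
    cfg["port"] = port
    cfg["ssl_params"] = ssl_params
    return cfg


if __name__ == "__main__":
    # Constructed, truncated placeholders standing in for real PEM files.
    demo_key = "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEE...\n-----END EC PRIVATE KEY-----\n"
    demo_cert = "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n"
    mqtt_cfg = {}  # your existing mqtt dict from board_config.py goes here
    cfg = with_tls(mqtt_cfg, ssl_params_from_pem(demo_key, demo_cert), port=4883)
    print(cfg["port"], sorted(cfg["ssl_params"]))
```

On the board, call ssl_params_from_files with the paths of the key and certificate you copied to the filesystem and merge the result into the mqtt config with with_tls; the early PEM checks turn a silent connect failure into an exception that names the file that is wrong.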

colin-infersens commented 3 years ago

That's so helpful, Thorsten, thank you. I'll try that now and let you know how I get on. Many thanks, Colin

tve commented 3 years ago

Great progress! Yes, need to add the options and send the info to the broker.

colin-infersens commented 3 years ago

Hi Thorsten,

A bit of an update; I added @click.options for --user and --pwd in mqboard.py, then modified engine.py at line 31 to include:

if user and pwd:
    # pass the CLI credentials to the paho client before connecting
    self._mqclient.username_pw_set(user, pwd)

...and it seems to be working fine.

Thanks again for your help.

Kind regards,

Colin