Hi everyone, happy new year!
I finally got to the point where I could test OTA updates under TLS. As we know, it does not work.
The doc gives a hint:
> `ASYNC_TCP_SSL_ENABLED`
> This compiler flag allows to use SSL encryption for MQTT connections. All other network connections still can not be encrypted like HTTP or OTA.
What was rather painful to find is that for esp32 AsyncTcp has no support for TLS. There is a PR though that includes client side TLS using an mbed lib. Since all this adds an extra level of complexity, I'll start by debugging on ESP8266 and then, if I can make that work, I'll see what I can do in esp32 (my board of choice).
If anyone has any ideas on what the problem is for OTA not working on TLS please let me know :)
Here is what I am doing:
```
python ota_updater.py -l mqtt.dc-iot.com -p 8883 -t devices/ -i testbox8266 --broker-tls-cacert ca.crt /home/nemi/workspace/dc/homie_test/firmware.bin
Connecting to mqtt broker mqtt.dc-iot.com on port 8883
Connected with result code 0
Waiting for device to come online...
Waiting for device info...
Publishing new firmware with checksum 367e1be9f437c66f747a54de50016720
Waiting for device info...
Expecting checksum 367e1be9f437c66f747a54de50016720, got fc9d1211fbc105e51d3e4359d76cd108, update failed!
```
mqtt.dc-iot.com resolves in my private DNS to my mqtt server, that's not even a real domain.
I can see if I subscribe to the base topic (using mosquitto_sub) that the FW is pushed just fine, but then when the board receives the message it just disconnects from the server.
```
💡 Firmware test (1.0.0)
🔌 Booting into normal mode 🔌
SSL is: 1
Using fingerprint: 2362f4fbc7890e450d43bb377220e2ac85409936
{} Stored configuration
  • Hardware device ID: cc50e33ca8c5
  • Device ID: testbox8266
  • Name: Test Box 8266
  • Device Stats Interval: 10 sec
  • Wi-Fi:
    ◦ SSID: dc-iot
    ◦ Password not shown
    ◦ IP: 192.168.0.201
    ◦ Mask: 255.255.255.0
    ◦ Gateway: 192.168.0.1
  • MQTT:
    ◦ Host: mqtt.dc-iot.com
    ◦ Port: 8883
    ◦ SSL enabled: true
    ◦ Fingerprint: 2362f4fbc7890e450d43bb377220e2ac85409936
    ◦ Base topic: devices/
    ◦ Auth? no
  • OTA:
    ◦ Enabled? yes
...
〽 Sending statistics...
  • Interval: 15s (10s including 5s grace time)
  • Wi-Fi signal quality: 100%
  • Uptime: 597s
✖ MQTT disconnected, reason: 0
Triggering MQTT_DISCONNECTED event...
↕ Attempting to connect to MQTT...
Sending initial information...
✖ MQTT disconnected, reason: 0
Triggering MQTT_DISCONNECTED event...
↕ Attempting to connect to MQTT...
Sending initial information...
✔ MQTT ready
Triggering MQTT_READY event...
〽 Sending statistics...
  • Interval: 15s (10s including 5s grace time)
  • Wi-Fi signal quality: 100%
  • Uptime: 599s
```
Here is my platformio ini file:
```ini
[env:nodemcuv2]
platform = espressif8266
board = nodemcuv2
framework = arduino
build_flags =
    ;-D PIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY
    -D ASYNC_TCP_SSL_ENABLED=1
    -D PIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH
upload_speed = 115200
lib_ldf_mode = deep
lib_deps =
    [email protected]
    https://github.com/homieiot/homie-esp8266.git#develop-v3
```
And the deps:
```
|-- <ArduinoJson> 6.13.0
|-- <Homie> 3.0.0 #104a09c
|   |-- <ArduinoJson> 6.13.0
|   |-- <AsyncMqttClient> 0.8.2
|   |   |-- <ESPAsyncTCP> 1.2.0
|   |   |   |-- <ESP8266WiFi> 1.0
|   |-- <Bounce2> 2.52
|   |-- <ESP Async WebServer> 1.2.3
|   |   |-- <ESPAsyncTCP> 1.2.0
|   |   |   |-- <ESP8266WiFi> 1.0
|   |   |-- <Hash> 1.0
|   |   |-- <ESP8266WiFi> 1.0
|   |   |-- <ArduinoJson> 6.13.0
|   |-- <DNSServer> 1.1.1
|   |   |-- <ESP8266WiFi> 1.0
|   |-- <ESP8266WiFi> 1.0
|   |-- <ESP8266HTTPClient> 1.2
|   |   |-- <ESP8266WiFi> 1.0
|   |-- <ESPAsyncTCP> 1.2.0
|   |   |-- <ESP8266WiFi> 1.0
|   |-- <ESP8266mDNS> 1.2
|   |   |-- <ESP8266WiFi> 1.0
|   |-- <Ticker> 1.0
```
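
Added example, not part of the original post and not code from the Homie project: a small triage helper for the "Expecting checksum …, got …" line in the updater output above. It tells apart "the device still reports a build I know" (the new image was never applied) from "the device reports an image I cannot identify". It assumes the 32-hex-digit checksum is the MD5 of the raw firmware file; the function names, result labels and sample data are constructed for illustration.

```python
import hashlib
import re

# Matches the failure line printed by the updater run shown in the post.
MISMATCH = re.compile(r"Expecting checksum ([0-9a-f]{32}), got ([0-9a-f]{32})")


def md5_hex(image: bytes) -> str:
    # Assumption: the 32-hex-digit checksum is the MD5 of the raw .bin file.
    return hashlib.md5(image).hexdigest()


def triage(updater_output: str, pushed: bytes, known_builds: dict) -> str:
    """Classify a failed OTA run from the updater output and local builds."""
    m = MISMATCH.search(updater_output)
    if m is None:
        return "no-mismatch-line"
    expected, got = m.groups()
    if expected != md5_hex(pushed):
        # The output belongs to a different image than the one being examined.
        return "log-is-for-another-image"
    for name, image in known_builds.items():
        if md5_hex(image) == got:
            # The device still reports a build we know: the new image was
            # never applied (transfer dropped or rejected), not corrupted.
            return "device-still-runs:" + name
    return "device-runs-unknown-image"


# Constructed sample data (not real firmware, not the hashes from the post).
OLD_BUILD = b"constructed firmware image, build A"
NEW_BUILD = b"constructed firmware image, build B"
SAMPLE_OUTPUT = (
    "Publishing new firmware with checksum " + md5_hex(NEW_BUILD) + "\n"
    "Waiting for device info...\n"
    "Expecting checksum " + md5_hex(NEW_BUILD) + ", got " + md5_hex(OLD_BUILD)
    + ", update failed!\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_OUTPUT, NEW_BUILD, {"previous": OLD_BUILD}))
```

The checksum only shows whether the image the device reports is the one that was pushed; it does not authenticate the image, which is why the transport (TLS to the broker) matters for OTA.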