mbedTLS integration


#1

Does anyone have experience of integrating mbedTLS into an MQTT broker?


#2

Are you trying to run a broker on the mangOH Red? If so, what are your clients?


#3

I’m trying to bind the dataconnectionservice and modem service but I'm stumped at the moment, as the data structures don’t align.


#4

Can you provide an example of the issue you are having?


#5

I notice that https://github.com/startwithsierra/utils-legato-mqtt doesn’t have any TLS support, so I am attempting to integrate from https://github.com/ARMmbed/mbedtls. I don’t understand the network interface of mbed well enough to know if it’s possible to send the data on the WP85’s cellular modem. I can’t see lower down in either API to know whether I can bind dataconnectionservice’s read, write, connect and disconnect to the equivalent in mbedtls’s network structure.


#6

Hi, I had a look at your Paho Linux version. I'm encouraged by the direction that you’re taking it, with the certificate support and also with the non-dependency on the closed datarouter. That datarouter is horrible.

A few questions on your implementation though:

I ran a doxygen and couldn’t trace the details of certain functions like MQTTClient_connect, MQTTClient_disconnect, and MQTTClient_publish

or the full structure definitions
    typedef struct mqtt_Session
    {
        MQTTClient client;
        MQTTClient_connectOptions connectOptions;
        MQTTClient_SSLOptions sslOptions;
        mqtt_MessageArrivedHandlerFunc_t messageArrivedHandler;
        void* messageArrivedHandlerContext;
        mqtt_ConnectionLostHandlerFunc_t connectionLostHandler;
        void* connectionLostHandlerContext;
        // The legato client session that owns this MQTT session
        le_msg_SessionRef_t clientSession;
    } mqtt_Session;

Where would these be defined?

Also I notice you have implemented support for root CA. How could I include support for the client certificate and private key?

Whether it’s your implementation or the mbedTLS/AWS one (which is also based on the Paho Linux implementation), since neither can use the existing datarouter (and in its current implementation it shouldn’t), my question remains the same as above: how to open a socket connection and bind it to the MQTT services. People I know who have used the SW HL series have used the AT command set to establish data connections. I have no expertise in that area, so an API solution would be ideal. Any suggestions welcome.


#7

Adding support for client certificates is on my personal TODO list, but I have some higher priority tasks, so I doubt I will get to it in the near future. I haven’t been using doxygen, so I can’t comment on how the output looks.

MQTTClient_connect() is part of paho. It’s defined in pahoLegatoComponent/paho.mqtt.c/src/MQTTClient.c at line 1153.

If you’re interested in adding support for client certificates, then the place to look is the parameters set in the sslOptions member of the mqtt_Session struct that you mentioned in your previous post. Patches are welcome :slight_smile:
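
What the binding asked about in posts #5 and #6 looks like on the mbedTLS side, as an added example that is not from any poster or from either project: mbedtls_ssl_set_bio() takes send and receive callbacks with the signatures below, so any connected socket can carry the TLS records. The transport_t type and the function names are hypothetical, the socket pair is a constructed stand-in for a real connection, and the error-code values are repeated from the mbedTLS headers so the block builds without the library.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Values repeated from mbedTLS's ssl.h and net_sockets.h so this builds alone. */
#ifndef MBEDTLS_ERR_SSL_WANT_READ
#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
#define MBEDTLS_ERR_SSL_WANT_WRITE  -0x6880
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
#define MBEDTLS_ERR_NET_CONN_RESET  -0x0050
#endif

typedef struct { int fd; } transport_t;   /* hypothetical context passed as p_bio */

/* Translate errno into the codes the TLS layer acts on: retry, reset, or fail. */
static int map_errno(int want, int fail)
{
    if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) return want;
    if (errno == EPIPE || errno == ECONNRESET) return MBEDTLS_ERR_NET_CONN_RESET;
    return fail;
}

/* Same signature as mbedtls_ssl_send_t. MSG_NOSIGNAL avoids SIGPIPE on a dead peer. */
int transport_send(void *ctx, const unsigned char *buf, size_t len)
{
    ssize_t n = send(((transport_t *)ctx)->fd, buf, len, MSG_NOSIGNAL);
    return n >= 0 ? (int)n : map_errno(MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_ERR_NET_SEND_FAILED);
}

/* Same signature as mbedtls_ssl_recv_t. A return of 0 means the peer closed. */
int transport_recv(void *ctx, unsigned char *buf, size_t len)
{
    ssize_t n = recv(((transport_t *)ctx)->fd, buf, len, 0);
    return n >= 0 ? (int)n : map_errno(MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_NET_RECV_FAILED);
}

int main(void)
{
    int sv[2];
    unsigned char in[4];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;  /* constructed link */
    fcntl(sv[1], F_SETFL, O_NONBLOCK);
    transport_t a = { sv[0] }, b = { sv[1] };
    return transport_send(&a, (const unsigned char *)"ping", 4) == 4 &&
           transport_recv(&b, in, sizeof in) == 4 ? 0 : 1;
}
```

With the library linked, the two functions would be handed to mbedtls_ssl_set_bio() together with a pointer to the transport_t as its p_bio argument.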