ssl 无法连接到Hivemq,并且arduino状态=2

cvxl0en2  于 2022-11-14  发布在  Hive
关注(0)|答案(2)|浏览(179)

我尝试在HiveMQ中连接我的服务器上的ESP8266板。由于知道更新将是基于TLS的连接,我不得不修改我的代码。但是,到目前为止,我还不能稳定连接。虽然我可以将代码上传到esp,但它向我发送消息:正在尝试MQTT连接...失败,rc=-2请在5秒后重试。

注意:hivemq指南是错误的,很多问题)我已经安装了OPENssl来获取证书,但是这三个都不起作用。我正在等待帮助,请。

#include <ESP8266WiFi.h>
#include <PubSubClient.h>
#include <WiFiClientSecure.h>

//---- WiFi settings
const char* ssid ="myssid";
const char* password = "mypass";
//---- MQTT Broker settings
const char* mqtt_server =  "06f141f33c074deab7c362e9cf1f3eee.s1.eu.hivemq.cloud";
// This is my broker
const char* mqtt_username = "myuser";
const char* mqtt_password = "mypass";
const int mqtt_port =8883;

WiFiClientSecure espClient;
PubSubClient client(espClient);
unsigned long lastMsg = 0;

#define MSG_BUFFER_SIZE (50)
char msg[MSG_BUFFER_SIZE];

const char* sensor1_topic= "temperatura";
const char* sensor2_topic="umidade";

const char *x509CA PROGMEM = R"EOF("
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
")EOF";

void setup() {

Serial.begin(9600);
Serial.print("\nConnecting to ");
Serial.println(ssid);

WiFi.mode(WIFI_STA);
WiFi.begin(ssid, password);

while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
}
randomSeed(micros());
Serial.println("\nWiFi connected\nIP address: ");
Serial.println(WiFi.localIP());

while (!Serial) delay(1);

espClient.setCACert((const uint8_t*)x509CA, sizeof(x509CA) - 1);
client.setServer(mqtt_server, mqtt_port);
client.setCallback(callback);
}

void loop() {

  if (!client.connected()) reconnect();
  client.loop();

publishMessage(sensor1_topic,String("XXXX"),true);    
publishMessage(sensor2_topic,String("XXXX"),true);
}

//=======================================================================Function=================================================================================

void reconnect() {
// Loop until we’re reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection…");
String clientId = "ESP8266Client"; // Create a random client ID
clientId += String(random(0xffff), HEX);
// Attempt to connect
if (client.connect(clientId.c_str(), mqtt_username, mqtt_password)) {
Serial.println("connected");

  client.subscribe(sensor1_topic);   // subscribe the topics here
  //client.subscribe(command2_topic);   // subscribe the topics here
} else {
  Serial.print("failed, rc=");
  Serial.print(client.state());
  Serial.println(" try again in 5 seconds");   // Wait 5 seconds before retrying
  delay(5000);
}
}
}

//=======================================
// This void is called every time we have a message from the broker

void callback(char* topic, byte* payload, unsigned int length) {
String incomingMessage = "HELLO";
for (int i = 0; i < length; i++) incomingMessage+=(char)payload[i];
Serial.println("Message arrived");
// check for other commands
/* else if( strcmp(topic,command2_topic) == 0){
if (incomingMessage.equals(“1”)) { } // do something else
}
*/
}

//======================================= publising as string
void publishMessage(const char* topic, String payload , boolean retained){
if (client.publish(topic, payload.c_str(), true))
Serial.println("Published");
}
kse8i1jr

kse8i1jr1#

在与另一位同事交谈后,他得出结论,ESP8266可能由于其内存容量低而不支持TLS连接,更好的解决方案是通过添加以下代码来绕过加密:将:espClient.setCACert((const uint8_t*)x509CA, sizeof(x509CA) - 1);替换为:espClient.setInsecure();

ux6nzvsh

ux6nzvsh2#

当我看到这个问题时,我也有计划将一个ESP8266板连接到HiveMQ。虽然最初的发帖者已经决定不根据CA证书检查服务器证书,但我确实设法让这部分工作,所以我想我仍然会发布我的答案,因为它可能会有帮助。
当使用WifiClientSecure时,有几个选项可以用来检查远程服务器的身份。这些选项由单独的方法调用控制(另请参见BearSSL Wifi Classes):

  • setInsecure()-这完全绕过了对服务器证书的检查,因此尽管建立了TLS连接,但我们不能保证服务器实际上是HiveMQ。
  • setKnownKey()-我们提供了希望从HiveMQ接收的完整公钥(可以使用openssl s_client找到)。如果HiveMQ更新其证书,则连接将失败。
  • setFingerprint()-类似于setKnownKey(),但这里我们只检查服务器公钥的SHA1指纹。同样,如果HiveMQ更新他们的证书,连接将失败。
  • setTrustAnchors()-这将检查服务器证书是否已由提供的CA列表中的证书签名,并检查服务器的身份。这具有即使HiveMQ更新其服务器证书也能工作的优点-只要其CA保持不变。CA证书通常比服务器证书具有更长的寿命。但是,为了验证服务器证书,WifiClientSecure对象需要知道当前时间,我们可以使用setX509Time()方法来设置。这意味着我们需要从NTP服务器获取当前时间。(注意setCACert()在最新的代码库中已被弃用)。

下面的代码显示了使用setTrustAnchors()和单个CA证书连接到HiveMQ。(同样,可以使用openssl s_client连接到HiveMQ并查看哪个CA签署了证书来找到此证书)。

#include <NTPClient.h>
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <WiFiUdp.h>

#include <PubSubClient.h>

const String MQTT_HOST("0123456789abcdef0123456789abcdef.s1.eu.hivemq.cloud");
const int    MQTT_PORT = 8883 ;
const String MQTT_CLIENT_ID("test_hive_client_1");
const String MQTT_USER("mqttuser"); 
const String MQTT_PWD("secretpassword"); 

String wifiSid = "MY_WIFI_SID";
String wifiPwd = "anothersecretpassword";

// The CA certificate used to sign the HiveMQ server certificate 
static const char caCert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
)EOF";

X509List caCertList(caCert); 

// Use secure client to handle TLS connection. 
WiFiClientSecure wifiClient ;
PubSubClient mqttClient(wifiClient) ;

// BearSSL needs current time to validate certificate. 
WiFiUDP ntpUDP; 
NTPClient timeClient(ntpUDP, "pool.ntp.org", 0); 

// Publish current time to MQTT every 5 seconds
#define MQTT_TIME_UPDATE_PERIOD 5000 
unsigned long nextTimeUpdate = 0 ;

void mqttCallback(const char* topic, byte* payload, unsigned int length)
{
  // Payload may not be null terminated. 
  char value[length+1]; 
  memcpy(value,payload, length); 
  value[length] = '\0'; 
  
  Serial.print("MQTT update: "); 
  Serial.print(topic);
  Serial.print(":");
  Serial.println(value); 
}

void connectToWifi() 
{
  WiFi.mode(WIFI_STA); 

  WiFi.disconnect(); 
  WiFi.begin(wifiSid.c_str(), wifiPwd.c_str()); 

  Serial.println("");
  Serial.print("Connecting to " + wifiSid + " - "); 

  while (WiFi.status() != WL_CONNECTED)
  {
      Serial.print("."); 
      delay(1000); 
  }
  
  Serial.println(""); 
  Serial.print("Connected, IP Address = ");
  Serial.println(WiFi.localIP()); 
}

void checkWifi()
{
  if ( WiFi.status() != WL_CONNECTED )
  {
    connectToWifi(); 
  }
}

void checkMQTT()
{
  if ( !mqttClient.connected() )
  {
    String details = MQTT_HOST + "/" ; 
    details += MQTT_PORT ;
    
    Serial.println("Connecting to MQTT server: " + details); 
     
    mqttClient.setServer(MQTT_HOST.c_str(), MQTT_PORT);   
    
    while( !mqttClient.connected() )
    {
      Serial.println(".");

      // secure client needs to know the current time. 
      timeClient.update(); 
      time_t now = (time_t) timeClient.getEpochTime();
      wifiClient.setX509Time(now); 

      int ret = mqttClient.connect(MQTT_CLIENT_ID.c_str(), MQTT_USER.c_str(), MQTT_PWD.c_str());

      Serial.print("MQTT Connect returned: ");
      Serial.println(ret);

      if ( !mqttClient.connected() )
        delay(5000); 
    }
    
    Serial.println("Connected to MQTT"); 

    mqttClient.setCallback(mqttCallback); 
    mqttClient.subscribe("test/value1"); 
  }
}

void setup() {

  Serial.begin(9600); 

  Serial.println("Starting"); 
  
  // Load certificates
  wifiClient.setTrustAnchors(&caCertList); 

  connectToWifi(); 
  checkMQTT(); 

  nextTimeUpdate = millis() + MQTT_TIME_UPDATE_PERIOD ;
}

void loop() {

  checkWifi();
  checkMQTT();
  mqttClient.loop();

  if ( millis() > nextTimeUpdate )
  {
      // publish the current time to MQTT. 
      timeClient.update(); 
      const char* payload = timeClient.getFormattedTime().c_str(); 
      mqttClient.publish("test/current-time", payload, true); 

      nextTimeUpdate = millis() + MQTT_TIME_UPDATE_PERIOD ;
  }
  
  delay(50);
}

相关问题