这个项目我有一些问题https://github.com/debsahu/ESP-MQTT-AWS-IoT-Core :如果我使用 AWS 证书一切正常,但如果我使用使用 openssl 创建的证书,代码会返回此错误:“失败,原因 -> 已接受连接 < 5 秒后重试”
为了创建中间证书(aws 的最佳实践),我使用了本指南:https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
#ifdef ESP32
#include <WiFi.h>
#elif defined(ESP8266)
#include <ESP8266WiFi.h>
#else
#error Platform not supported
#endif
#include <WiFiClientSecure.h>
#include <ArduinoJson.h> //https://github.com/bblanchon/ArduinoJson (use v6.xx)
#include <time.h>
#define emptyString String()
//Follow instructions from https://github.com/debsahu/ESP-MQTT-AWS-IoT- Core/blob/master/doc/README.md
//Enter values in secrets.h ▼
#include "secrets.h"
#ifndef PIO_PLATFORM
//#define USE_PUB_SUB //uncomment to use PubSubClient(https://github.com/knolleary/pubsubclient)
#endif
#if !(ARDUINOJSON_VERSION_MAJOR == 6 and ARDUINOJSON_VERSION_MINOR >= 7)
#error "Install ArduinoJson v6.7.0-beta or higher"
#endif
const int MQTT_PORT = 8883;
const char MQTT_SUB_TOPIC[] = "$aws/things/OggettoZero/shadow/update";
const char MQTT_PUB_TOPIC[] = "$aws/things/OggettoZero/shadow/update";
#ifdef USE_SUMMER_TIME_DST
uint8_t DST = 1;
#else
uint8_t DST = 0;
#endif
WiFiClientSecure net;
#ifdef ESP8266
BearSSL::X509List cert(cacert);
BearSSL::X509List client_crt(client_cert);
BearSSL::PrivateKey key(privkey);
#endif
#ifdef USE_PUB_SUB
#include <PubSubClient.h>
#if defined(USE_PUB_SUB) and defined(PIO_PLATFORM) // PIO has issues, needs MQTT.h definition or else freaks out
#include <MQTT.h>
#endif
PubSubClient client(net);
#else
#include <MQTT.h>
MQTTClient client;
#endif
unsigned long lastMillis = 0;
time_t now;
time_t nowish = 1510592825;
void NTPConnect(void)
{
Serial.print("Setting time using SNTP");
configTime(TIME_ZONE * 3600, DST * 3600, "pool.ntp.org", "time.nist.gov");
now = time(nullptr);
while (now < nowish)
{
delay(500);
Serial.print(".");
now = time(nullptr);
}
Serial.println("done!");
struct tm timeinfo;
gmtime_r(&now, &timeinfo);
Serial.print("Current time: ");
Serial.print(asctime(&timeinfo));
}
#ifdef USE_PUB_SUB
void messageReceivedPubSub(char *topic, byte *payload, unsigned int length)
{
Serial.print("Received [");
Serial.print(topic);
Serial.print("]: ");
for (unsigned int i = 0; i < length; i++)
{
Serial.print((char)payload[i]);
}
Serial.println();
}
void pubSubErr(int8_t MQTTErr)
{
if (MQTTErr == MQTT_CONNECTION_TIMEOUT)
Serial.print("Connection tiemout");
else if (MQTTErr == MQTT_CONNECTION_LOST)
Serial.print("Connection lost");
else if (MQTTErr == MQTT_CONNECT_FAILED)
Serial.print("Connect failed");
else if (MQTTErr == MQTT_DISCONNECTED)
Serial.print("Disconnected");
else if (MQTTErr == MQTT_CONNECTED)
Serial.print("Connected");
else if (MQTTErr == MQTT_CONNECT_BAD_PROTOCOL)
Serial.print("Connect bad protocol");
else if (MQTTErr == MQTT_CONNECT_BAD_CLIENT_ID)
Serial.print("Connect bad Client-ID");
else if (MQTTErr == MQTT_CONNECT_UNAVAILABLE)
Serial.print("Connect unavailable");
else if (MQTTErr == MQTT_CONNECT_BAD_CREDENTIALS)
Serial.print("Connect bad credentials");
else if (MQTTErr == MQTT_CONNECT_UNAUTHORIZED)
Serial.print("Connect unauthorized");
}
#else
void messageReceived(String &topic, String &payload)
{
Serial.println("Recieved [" + topic + "]: " + payload);
}
void lwMQTTErr(lwmqtt_err_t reason)
{
if (reason == lwmqtt_err_t::LWMQTT_SUCCESS)
Serial.print("Success");
else if (reason == lwmqtt_err_t::LWMQTT_BUFFER_TOO_SHORT)
Serial.print("Buffer too short");
else if (reason == lwmqtt_err_t::LWMQTT_VARNUM_OVERFLOW)
Serial.print("Varnum overflow");
else if (reason == lwmqtt_err_t::LWMQTT_NETWORK_FAILED_CONNECT)
Serial.print("Network failed connect");
else if (reason == lwmqtt_err_t::LWMQTT_NETWORK_TIMEOUT)
Serial.print("Network timeout");
else if (reason == lwmqtt_err_t::LWMQTT_NETWORK_FAILED_READ)
Serial.print("Network failed read");
else if (reason == lwmqtt_err_t::LWMQTT_NETWORK_FAILED_WRITE)
Serial.print("Network failed write");
else if (reason == lwmqtt_err_t::LWMQTT_REMAINING_LENGTH_OVERFLOW)
Serial.print("Remaining length overflow");
else if (reason == lwmqtt_err_t::LWMQTT_REMAINING_LENGTH_MISMATCH)
Serial.print("Remaining length mismatch");
else if (reason == lwmqtt_err_t::LWMQTT_MISSING_OR_WRONG_PACKET)
Serial.print("Missing or wrong packet");
else if (reason == lwmqtt_err_t::LWMQTT_CONNECTION_DENIED)
Serial.print("Connection denied");
else if (reason == lwmqtt_err_t::LWMQTT_FAILED_SUBSCRIPTION)
Serial.print("Failed subscription");
else if (reason == lwmqtt_err_t::LWMQTT_SUBACK_ARRAY_OVERFLOW)
Serial.print("Suback array overflow");
else if (reason == lwmqtt_err_t::LWMQTT_PONG_TIMEOUT)
Serial.print("Pong timeout");
}
void lwMQTTErrConnection(lwmqtt_return_code_t reason)
{
if (reason == lwmqtt_return_code_t::LWMQTT_CONNECTION_ACCEPTED)
Serial.print("Connection Accepted");
else if (reason == lwmqtt_return_code_t::LWMQTT_UNACCEPTABLE_PROTOCOL)
Serial.print("Unacceptable Protocol");
else if (reason == lwmqtt_return_code_t::LWMQTT_IDENTIFIER_REJECTED)
Serial.print("Identifier Rejected");
else if (reason == lwmqtt_return_code_t::LWMQTT_SERVER_UNAVAILABLE)
Serial.print("Server Unavailable");
else if (reason == lwmqtt_return_code_t::LWMQTT_BAD_USERNAME_OR_PASSWORD)
Serial.print("Bad UserName/Password");
else if (reason == lwmqtt_return_code_t::LWMQTT_NOT_AUTHORIZED)
Serial.print("Not Authorized");
else if (reason == lwmqtt_return_code_t::LWMQTT_UNKNOWN_RETURN_CODE)
Serial.print("Unknown Return Code");
}
#endif
void connectToMqtt(bool nonBlocking = false)
{
Serial.print("MQTT connecting ");
while (!client.connected())
{
if (client.connect(THINGNAME))
{
Serial.println("connected!");
if (!client.subscribe(MQTT_SUB_TOPIC))
#ifdef USE_PUB_SUB
pubSubErr(client.state());
#else
lwMQTTErr(client.lastError());
#endif
}
else
{
Serial.print("failed, reason -> ");
#ifdef USE_PUB_SUB
pubSubErr(client.state());
#else
lwMQTTErrConnection(client.returnCode());
#endif
if (!nonBlocking)
{
Serial.println(" < try again in 5 seconds");
delay(5000);
}
else
{
Serial.println(" <");
}
}
if (nonBlocking)
break;
}
}
void connectToWiFi(String init_str)
{
if (init_str != emptyString)
Serial.print(init_str);
while (WiFi.status() != WL_CONNECTED)
{
Serial.print(".");
delay(1000);
}
if (init_str != emptyString)
Serial.println("ok!");
}
void checkWiFiThenMQTT(void)
{
connectToWiFi("Checking WiFi");
connectToMqtt();
}
unsigned long previousMillis = 0;
const long interval = 5000;
void checkWiFiThenMQTTNonBlocking(void)
{
connectToWiFi(emptyString);
if (millis() - previousMillis >= interval && !client.connected()) {
previousMillis = millis();
connectToMqtt(true);
}
}
void checkWiFiThenReboot(void)
{
connectToWiFi("Checking WiFi");
Serial.print("Rebooting");
ESP.restart();
}
void sendData(void)
{
DynamicJsonDocument jsonBuffer(JSON_OBJECT_SIZE(3) + 100);
JsonObject root = jsonBuffer.to<JsonObject>();
JsonObject state = root.createNestedObject("state");
JsonObject state_reported = state.createNestedObject("reported");
state_reported["value"] = random(100);
Serial.printf("Sending [%s]: ", MQTT_PUB_TOPIC);
serializeJson(root, Serial);
Serial.println();
char shadow[measureJson(root) + 1];
serializeJson(root, shadow, sizeof(shadow));
#ifdef USE_PUB_SUB
if (!client.publish(MQTT_PUB_TOPIC, shadow, false))
pubSubErr(client.state());
#else
if (!client.publish(MQTT_PUB_TOPIC, shadow, false, 0))
lwMQTTErr(client.lastError());
#endif
}
void setup()
{
Serial.begin(115200);
delay(5000);
Serial.println();
Serial.println();
#ifdef ESP32
WiFi.setHostname(THINGNAME);
#else
WiFi.hostname(THINGNAME);
#endif
WiFi.mode(WIFI_STA);
WiFi.begin(ssid, pass);
connectToWiFi(String("Attempting to connect to SSID: ") + String(ssid));
NTPConnect();
#ifdef ESP32
net.setCACert(cacert);
net.setCertificate(client_cert);
net.setPrivateKey(privkey);
#else
net.setTrustAnchors(&cert);
net.setClientRSACert(&client_crt, &key);
#endif
#ifdef USE_PUB_SUB
client.setServer(MQTT_HOST, MQTT_PORT);
client.setCallback(messageReceivedPubSub);
#else
client.begin(MQTT_HOST, MQTT_PORT, net);
client.onMessage(messageReceived);
#endif
connectToMqtt();
}
void loop()
{
now = time(nullptr);
if (!client.connected())
{
checkWiFiThenMQTT();
//checkWiFiThenMQTTNonBlocking();
//checkWiFiThenReboot();
}
else
{
client.loop();
if (millis() - lastMillis > 5000)
{
lastMillis = millis();
sendData();
}
}
}
在文件 secret.h 中,我放入了使用 openssl 创建的证书:私钥、设备证书和 CA 证书。
我预计连接将像使用 AWS 证书一样工作,但代码返回此错误:“失败,原因 -> 连接已接受 < 5 秒后重试”,我不知道这是什么类型的错误可以!
最佳答案
使用您自己生成的 key 时,您需要创建相应的 CA 证书并将其注册到 AWS IoT。此处描述了此步骤和其他必要步骤:
https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html
关于使用 openssl 中间证书连接到 AWS MQTT 代理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57285074/