使用MQTT代理在ESP8266 Wemos D1 Mini上验证SSL证书
我有一个树莓皮3与树莓伸展作为其操作系统。根据本教程,我已在raspberry pi上安装并完全配置了MQTT代理: 在经纪人方面,一切都很顺利。证书将在60天后续订,您只能通过本地主机连接到端口1883,其他端口(8883和8083)已打开,但只能使用TLS版本1.2访问,后者也可以使用WebSocket访问。在下面,您可以找到我的MOSQUITO配置代码(/etc/mosQUITO/conf.d/default.conf) 我还买了一台ESP8266 Wemos D1 Mini,以安全的方式连接到该经纪人。我从以下链接使用了pubsubclient库:https://github.com/knolleray/pubsubclient用于我的MQTT客户端。 我使用此链接的主分支:用于我的安全SSL连接。下面是我用来编程我的Wemos D1 Mini的代码使用MQTT代理在ESP8266 Wemos D1 Mini上验证SSL证书,ssl,mqtt,esp8266,Ssl,Mqtt,Esp8266,我有一个树莓皮3与树莓伸展作为其操作系统。根据本教程,我已在raspberry pi上安装并完全配置了MQTT代理: 在经纪人方面,一切都很顺利。证书将在60天后续订,您只能通过本地主机连接到端口1883,其他端口(8883和8083)已打开,但只能使用TLS版本1.2访问,后者也可以使用WebSocket访问。在下面,您可以找到我的MOSQUITO配置代码(/etc/mosQUITO/conf.d/default.conf) 我还买了一台ESP8266 Wemos D1 Mini,以安全的方式
#include <ESP8266WiFi.h>
#include <PubSubClient.h>
#include <time.h>
void callback(char* topic, byte* payload, unsigned int length) {
Serial.print("Message arrived [");
Serial.print(topic);
Serial.print("] ");
for (int i = 0; i < length; i++) {
Serial.print((char)payload[i]);
}
Serial.println();
}
const char* ssid = "ssid";
const char* password = "wifipassword";
const char* host = "home.kamidesigns.be";
const int port = 8883;
WiFiClientSecure espClient;
PubSubClient client(host, port, callback, espClient);
long lastMsg = 0;
char msg[50];
int value = 0;
void setup() {
Serial.begin(115200);
Serial.println();
Serial.print("connecting to ");
Serial.println(ssid);
WiFi.begin(ssid, password);
while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
}
Serial.println("");
Serial.println("WiFi connected");
Serial.println("IP address: ");
Serial.println(WiFi.localIP());
// Synchronize time useing SNTP. This is necessary to verify that
// the TLS certificates offered by the server are currently valid.
Serial.print("Setting time using SNTP");
configTime(8 * 3600, 0, "pool.ntp.org", "time.nist.gov");
time_t now = time(nullptr);
while (now < 1000) {
delay(500);
Serial.print(".");
now = time(nullptr);
}
Serial.println("");
struct tm timeinfo;
gmtime_r(&now, &timeinfo);
Serial.print("Current time: ");
Serial.print(asctime(&timeinfo));
}
void reconnect() {
// Loop until we're reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection...");
// Attempt to connect
if (client.connect("ESP8266LightController","username","password")) {
Serial.println("connected");
// Once connected, publish an announcement...
client.publish("outTopic", "hello world");
// ... and resubscribe
client.subscribe("inTopic");
} else {
Serial.print("failed, rc=");
Serial.print(client.state());
Serial.println(" try again in 5 seconds");
// Wait 5 seconds before retrying
delay(5000);
}
}
}
#包括
#包括
#包括
无效回调(字符*主题,字节*有效负载,无符号整数长度){
串行打印(“消息到达[”);
连续打印(主题);
序列号。打印(“]”);
for(int i=0;i
当我启动Wemos D1时,串行监视器显示:
连接到ssid
..
无线上网
IP地址:
192.168.0.213
使用SNTP设置时间。
当前时间:2017年10月14日星期六02:26:25
正在尝试MQTT连接…已连接
这很好,这正是我想要的,但我很困惑我的Wemos D1如何能够在不验证服务器证书链的情况下连接到端口8883?请记住,我从未将证书上载到Wemos D1或在代码中实现证书,但它仍然可以连接。两个选项之一
从这个角度看,选项2很可能是因为它意味着连接后您必须自己验证证书。您是对的,我确实需要手动验证链。我使用了HTTPSRequestCACert.ino的示例代码,从中我首先使用espClient.setCACert(caCert,caCertLen)设置根CA证书;然后使用espClient.verifyCertChain(主机);现在我用不同的证书进行了尝试,letsencrypt创建的chain.pem、fullchain.pem文件、根证书和letsencrypt()网站上的中间证书。但都不管用。我使用此命令更改证书:xxd-I chain.pem ca_cert.h。
#include <ESP8266WiFi.h>
#include <PubSubClient.h>
#include <time.h>
void callback(char* topic, byte* payload, unsigned int length) {
Serial.print("Message arrived [");
Serial.print(topic);
Serial.print("] ");
for (int i = 0; i < length; i++) {
Serial.print((char)payload[i]);
}
Serial.println();
}
const char* ssid = "ssid";
const char* password = "wifipassword";
const char* host = "home.kamidesigns.be";
const int port = 8883;
WiFiClientSecure espClient;
PubSubClient client(host, port, callback, espClient);
long lastMsg = 0;
char msg[50];
int value = 0;
void setup() {
Serial.begin(115200);
Serial.println();
Serial.print("connecting to ");
Serial.println(ssid);
WiFi.begin(ssid, password);
while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
}
Serial.println("");
Serial.println("WiFi connected");
Serial.println("IP address: ");
Serial.println(WiFi.localIP());
// Synchronize time useing SNTP. This is necessary to verify that
// the TLS certificates offered by the server are currently valid.
Serial.print("Setting time using SNTP");
configTime(8 * 3600, 0, "pool.ntp.org", "time.nist.gov");
time_t now = time(nullptr);
while (now < 1000) {
delay(500);
Serial.print(".");
now = time(nullptr);
}
Serial.println("");
struct tm timeinfo;
gmtime_r(&now, &timeinfo);
Serial.print("Current time: ");
Serial.print(asctime(&timeinfo));
}
void reconnect() {
// Loop until we're reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection...");
// Attempt to connect
if (client.connect("ESP8266LightController","username","password")) {
Serial.println("connected");
// Once connected, publish an announcement...
client.publish("outTopic", "hello world");
// ... and resubscribe
client.subscribe("inTopic");
} else {
Serial.print("failed, rc=");
Serial.print(client.state());
Serial.println(" try again in 5 seconds");
// Wait 5 seconds before retrying
delay(5000);
}
}
}