Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

mqtt: update example documentation on generating a certificate for ssl authentication to hosts

Browse source 
Closes https://github.com/espressif/esp-idf/issues/3593
This commit is contained in:
David Cermak 2019-06-12 14:55:58 +02:00
parent 5588b22796
commit 3eda52f6cd
5 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
examples/protocols/mqtt/ssl/README.md
View file

@ -3,6 +3,7 @@
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker iot.eclipse.org using ssl transport and as a demonstration subscribes/unsubscribes and send a message on certain topic.
(Please note that the public broker is maintained by the community so may not be always available, for details please see this [disclaimer](https://iot.eclipse.org/getting-started/#sandboxes))
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
@ -18,10 +19,14 @@ This example can be executed on any ESP32 board, the only required interface is
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
* When using Make build system, set `Default serial port` under `Serial flasher config`.
Note how to create a PEM certificate for iot.eclipse.org:
PEM certificate for this example could be extracted from an openssl `s_client` command connecting to iot.eclipse.org.
In case a host operating system has `openssl` and `sed` packages installed, one could execute the following command to download and save the root certificate to a file (Note for Windows users: Both Linux like environment or Windows native packages may be used).
```
openssl s_client -showcerts -connect iot.eclipse.org:8883 </dev/null 2>/dev/null|openssl x509 -outform PEM >iot_eclipse_org.pem
echo "" | openssl s_client -showcerts -connect iot.eclipse.org:8883 | sed -n "1,/Root/d; /BEGIN/,/END/p" | openssl x509 -outform PEM >iot_eclipse_org.pem
```
Please note that this is not a general command for downloading a root certificate for an arbitrary host;
this command works with iot.eclipse.org as the site provides root certificate in the chain, which then could be extracted
with text operation.
### Build and Flash

1
examples/protocols/mqtt/ssl_mutual_auth/README.md
View file

@ -3,6 +3,7 @@
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker test.mosquitto.org using ssl transport with client certificate and as a demonstration subscribes/unsubscribes and send a message on certain topic.
(Please note that the public broker is maintained by the community so may not be always available, for details please visit http://test.mosquitto.org)
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.

2
examples/protocols/mqtt/tcp/README.md
View file

@ -2,6 +2,8 @@
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker URI selected using `make menuconfig` (using mqtt tcp transport) and as a demonstration subscribes/unsubscribes and send a message on certain topic.
(Please note that the public broker is maintained by the community so may not be always available, for details please see this [disclaimer](https://iot.eclipse.org/getting-started/#sandboxes))
Note: If the URI equals `FROM_STDIN` then the broker address is read from stdin upon application startup (used for testing)
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.

1
examples/protocols/mqtt/ws/README.md
View file

@ -3,6 +3,7 @@
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker iot.eclipse.org over web sockets as a demonstration subscribes/unsubscribes and send a message on certain topic.
(Please note that the public broker is maintained by the community so may not be always available, for details please see this [disclaimer](https://iot.eclipse.org/getting-started/#sandboxes))
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.

8
examples/protocols/mqtt/wss/README.md
View file

@ -2,6 +2,7 @@
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker iot.eclipse.org over secure websockets and as a demonstration subscribes/unsubscribes and send a message on certain topic.
(Please note that the public broker is maintained by the community so may not be always available, for details please see this [disclaimer](https://iot.eclipse.org/getting-started/#sandboxes))
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
@ -19,9 +20,14 @@ This example can be executed on any ESP32 board, the only required interface is
Note how to create a PEM certificate for iot.eclipse.org:
PEM certificate for this example could be extracted from an openssl `s_client` command connecting to iot.eclipse.org.
In case a host operating system has `openssl` and `sed` packages installed, one could execute the following command to download and save the root certificate to a file (Note for Windows users: Both Linux like environment or Windows native packages may be used).
```
openssl s_client -showcerts -connect iot.eclipse.org:8883 </dev/null 2>/dev/null|openssl x509 -outform PEM >iot_eclipse_org.pem
echo "" | openssl s_client -showcerts -connect iot.eclipse.org:443 | sed -n "1,/Root/d; /BEGIN/,/END/p" | openssl x509 -outform PEM >iot_eclipse_org.pem
```
Please note that this is not a general command for downloading a root certificate for an arbitrary host;
this command works with iot.eclipse.org as the site provides root certificate in the chain, which then could be extracted
with text operation.
### Build and Flash