安全连接失败:“证书链无法链接到信任锚”

时间:2019-12-16 09:58:16

标签: ssl esp8266 platformio

我正在尝试配置并连接到一个启用了TLS的MQTT服务器,但SSL握手失败:

Attempting MQTT connection...Checking TLS @ 192.168.1.8...
BSSL:_connectSSL: start connection
BSSL:Connected!
Connection secure -> .BSSL:_connectSSL: start connection
BSSL:_wait_for_handshake: failed
BSSL:Couldn't connect. Error = 'Chain could not be linked to a trust anchor.'
failed, rc=-2 try again in 5 seconds

StackThunk.cpp中定义的堆栈大小:

 // Quoted from the core's StackThunk.cpp as the asker's current setting.
 // NOTE(review): the "/4" suggests the value is a count of 4-byte words (5900 bytes) — confirm in StackThunk.cpp.
 #define _stackSize (5900/4) 

如何解决此错误?

代码:

#include <ESP8266WiFi.h>
#include <ESP8266mDNS.h>
#include <PubSubClient.h>
#include <NTPClient.h>
#include <time.h>
// Wi-Fi credentials (redacted on this page).
const char* cfg_wifi_ssid = "******";
const char* cfg_wifi_pwd = "******";
// MQTT broker endpoint. The broker is addressed by IP literal; the same string is
// passed to both the TLS pre-flight check and PubSubClient.
const char* mqtt_server = "192.168.1.8";
const unsigned int mqtt_port = 8883;
// Broker credentials are compiled into the firmware image as plain strings.
const char* mqtt_user =   "a";
const char* mqtt_pass =   "a";

// CA certificate in PEM form, stored in flash (PROGMEM); used as the trust anchor
// in verifyFingerprint(). The PEM body is elided ("...") on this page.
const char ca_cert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
)EOF";

// TLS socket; PubSubClient runs MQTT over this same object, so TLS settings
// applied to espClient also govern the MQTT connection.
WiFiClientSecure espClient;
PubSubClient client(espClient);
// Forward declarations for functions defined after setup().
void callback(char* topic, byte* payload, unsigned int length);
void verifyFingerprint() ;
// Not referenced by any code shown on this page.
char buffer[80];

WiFiUDP ntpUDP;
// By default 'pool.ntp.org' is used with 60 seconds update interval and
// no offset
NTPClient timeClient(ntpUDP);


/**
 * One-time initialisation: serial console, Wi-Fi association, NTP time for
 * certificate validation, then a blocking MQTT connect loop over TLS.
 */
void setup() {
  Serial.begin(9600);
  Serial.println("TestMQTT");

  // Join the access point in station mode and wait until associated.
  WiFi.mode(WIFI_STA);
  WiFi.begin(cfg_wifi_ssid, cfg_wifi_pwd);
  while (WL_CONNECTED != WiFi.status()) {
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  // Block until NTP has delivered a time; forceUpdate() is retried until
  // update() reports success.
  timeClient.begin();
  for (;;) {
    if (timeClient.update()) {
      break;
    }
    timeClient.forceUpdate();
  }

  // Hand the NTP epoch to the TLS client as its X.509 clock. A wrong clock
  // here makes certificate validity-period checks unreliable.
  const auto ntpEpoch = timeClient.getEpochTime();
  espClient.setX509Time(ntpEpoch);

  Serial.println(timeClient.getFormattedTime());

  client.setServer(mqtt_server, mqtt_port);
  client.setCallback(callback);

  // Retry until the MQTT session is established. Every attempt is preceded
  // by the TLS pre-flight check in verifyFingerprint().
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    verifyFingerprint();

    if (!client.connect("a", mqtt_user, mqtt_pass)) {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");
      // Back off for 5 seconds before the next attempt.
      delay(5000);
      continue;
    }

    Serial.println("connected");
    client.subscribe("sensor");
  }
}

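/**
 * MQTT message handler: prints the topic and the raw payload to the serial console.
 *
 * @param topic   NUL-terminated topic name supplied by PubSubClient.
 * @param payload Message bytes; not NUL-terminated.
 * @param length  Number of valid bytes in payload.
 */
void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived [");
  Serial.print(topic);
  Serial.print("] ");

  // The payload length comes off the network, so it must not size a stack
  // array (the original used a variable-length array, which is also not
  // standard C++). Writing the bytes straight from the receive buffer needs
  // no copy and no terminator, and a payload containing a NUL byte is no
  // longer cut short.
  Serial.write(payload, length);
  Serial.println();
}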

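/**
 * TLS pre-flight check against the MQTT broker.
 *
 * Installs the CA certificate as the trust anchor on espClient, opens a
 * throw-away TLS connection to the broker and closes it again. The device
 * reboots if the connection or the check fails. Returns immediately when the
 * MQTT client or the TLS socket is already connected.
 */
void verifyFingerprint() {
  if (client.connected() || espClient.connected()) return;

  Serial.print("Checking TLS @ ");
  Serial.print(mqtt_server);
  Serial.print("...");
  Serial.println("");

  // setTrustAnchors() is handed a pointer, not a copy. PubSubClient performs
  // its own TLS handshake on espClient after this function has returned, so
  // the certificate list must still exist at that point. As a plain local it
  // was destroyed on return, leaving the client with a dangling trust-anchor
  // pointer for the second handshake; static storage keeps it alive.
  static BearSSL::X509List cert(ca_cert);
  espClient.setTrustAnchors(&cert);

  // With trust anchors installed, chain validation happens inside this
  // handshake; a failure here already means the chain was rejected.
  if (!espClient.connect(mqtt_server, mqtt_port)) {
    Serial.println("Connection failed. Rebooting.");
    ESP.restart();
  }

  // NOTE(review): verify() is the legacy fingerprint-style check, yet it is
  // given the PEM CA certificate rather than a fingerprint. Confirm against
  // the installed core whether this call checks anything; the trust decision
  // should rest on the trust anchors validated during connect().
  if (espClient.verify(ca_cert, mqtt_server)) {
    Serial.print("Connection secure -> .");
  } else {
    Serial.println("Connection insecure! Rebooting.");
    ESP.restart();
  }

  // Close the probe connection so PubSubClient can open its own.
  espClient.stop();

  delay(100);
}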


/**
 * Main loop: refreshes NTP time, prints it, services the MQTT client, then
 * sleeps for one second. No reconnect is attempted here if the MQTT session
 * drops.
 */
void loop() {
  timeClient.update();
  const String timestamp = timeClient.getFormattedTime();
  Serial.println(timestamp);

  // Lets PubSubClient process incoming packets and keep-alives.
  client.loop();

  delay(1000);
}

0 个答案:

没有答案