From 0aa61ce58f1aa368e7002c6485770b62eaf154c2 Mon Sep 17 00:00:00 2001 From: Sergey Lyubka Date: Sun, 10 Nov 2024 08:45:34 +0000 Subject: [PATCH] Update build, use EC certs --- tutorials/mqtt/mqtt-client-aws-iot/Makefile | 26 +++++++----- tutorials/mqtt/mqtt-client-aws-iot/main.c | 42 +++++++++---------- .../mqtt/mqtt-client-aws-iot/packed_fs.c | 1 - 3 files changed, 36 insertions(+), 33 deletions(-) delete mode 120000 tutorials/mqtt/mqtt-client-aws-iot/packed_fs.c
diff --git a/tutorials/mqtt/mqtt-client-aws-iot/Makefile b/tutorials/mqtt/mqtt-client-aws-iot/Makefile
index 92e28365..8012369e 100644
--- a/tutorials/mqtt/mqtt-client-aws-iot/Makefile
+++ b/tutorials/mqtt/mqtt-client-aws-iot/Makefile
@@ -1,11 +1,14 @@
 PROG ?= example # Program we are building
 DELETE = rm -rf # Command to remove files
 OUT ?= -o $(PROG) # Compiler argument for output file
-SOURCES = main.c mongoose.c packed_fs.c # Source code files, packed_fs.c contains ca.pem, which contains CA certs for TLS
 CFLAGS = -W -Wall -Wextra -g -I. # Build options
+SOURCES = main.c mongoose.c mongoose_fs.c
 # Mongoose build options. See https://mongoose.ws/documentation/#build-options
-CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1 -DMG_ENABLE_PACKED_FS=1
+CFLAGS_MONGOOSE += -DMG_ENABLE_PACKED_FS=1
+#CFLAGS_MONGOOSE += -DMG_TLS=MG_TLS_BUILTIN
+CFLAGS_MONGOOSE += -DMG_TLS=MG_TLS_OPENSSL -lssl -lcrypto -I/opt/homebrew/opt/openssl@3.4/include/ -L/opt/homebrew/opt/openssl@3.4/lib
+#CFLAGS_MONGOOSE += -DMG_TLS=MG_TLS_MBED -lmbedtls -lmbedcrypto -lmbedx509 -I/opt/homebrew/opt/mbedtls/include/ -L/opt/homebrew/opt/mbedtls/lib
 ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe
 PROG ?= example.exe # Use .exe suffix for the binary
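Review bot: The new `CFLAGS_MONGOOSE += -DMG_TLS=MG_TLS_OPENSSL -lssl -lcrypto -I/opt/homebrew/opt/openssl@3.4/include/ -L/opt/homebrew/opt/openssl@3.4/lib` line hard-codes a Homebrew-specific OpenSSL location, so the default build of this tutorial no longer works on Linux, on Intel Macs (where Homebrew installs under /usr/local), or once the pinned openssl@3.4 formula is superseded. Make the prefix overridable instead, e.g. `OPENSSL_DIR ?= /opt/homebrew/opt/openssl@3.4` followed by `CFLAGS_MONGOOSE += -DMG_TLS=MG_TLS_OPENSSL -lssl -lcrypto -I$(OPENSSL_DIR)/include -L$(OPENSSL_DIR)/lib`, so `make OPENSSL_DIR=/usr` works elsewhere. The removed `SOURCES` comment was the only place that said what the packed file contains; the new `SOURCES = main.c mongoose.c mongoose_fs.c` line should regain that, e.g. `# mongoose_fs.c is generated (see below): it embeds ca.pem, crt.pem and key.pem, the private key included, into the binary`.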
@@ -16,17 +19,18 @@ ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC:
 MAKE += WINDOWS=1 CC=$(CC)
 endif
-all: $(PROG) # Default target. Build and run program
+all: $(PROG)
 	$(RUN) ./$(PROG) $(ARGS)
-$(PROG): $(SOURCES) # Build program from sources
+$(PROG): $(SOURCES) Makefile
 	$(CC) $(SOURCES) $(CFLAGS) $(CFLAGS_MONGOOSE) $(CFLAGS_EXTRA) $(OUT)
-clean: # Cleanup. Delete built program and all build artifacts
+csr:
+	openssl ecparam -noout -name prime256v1 -genkey -out key.pem
+	openssl req -new -key key.pem -subj /CN=Mongoose -out crt.csr
+
+mongoose_fs.c: ca.pem crt.pem key.pem
+	node ../../../test/pack.js ca.pem crt.pem key.pem > $@
+
+clean:
 	$(DELETE) $(PROG) *.o *.obj *.exe *.dSYM mbedtls
-
-# see https://mongoose.ws/tutorials/tls/#how-to-build for TLS build options
-
-mbedtls: # Pull and build mbedTLS library
-	git clone --depth 1 -b v2.28.2 https://github.com/mbed-tls/mbedtls $@
-	$(MAKE) -C mbedtls/library
diff --git a/tutorials/mqtt/mqtt-client-aws-iot/main.c b/tutorials/mqtt/mqtt-client-aws-iot/main.c
index bfe86bc3..1b35dcea 100644
--- a/tutorials/mqtt/mqtt-client-aws-iot/main.c
+++ b/tutorials/mqtt/mqtt-client-aws-iot/main.c
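Review bot: The `csr` target regenerates `key.pem` every time it runs, so a second `make csr` silently replaces the private key behind a certificate AWS has already issued for the first CSR, and the client then fails the TLS handshake with no hint why. Making the key and the CSR real file targets means an existing key is never overwritten, with `csr` kept as the entry point the main.c comment refers to. Because `mongoose_fs.c` is generated from `key.pem`, the private key ends up inside a C source file in the working tree; adding `mongoose_fs.c crt.csr` to the `clean` recipe and a comment that `mongoose_fs.c` must not be committed would address that, while `key.pem` should stay out of `clean` so the user's key is not deleted by accident. The `mbedtls` entry left in `clean` refers to a directory this change no longer builds, which is harmless but stale.
```makefile
key.pem:
	openssl ecparam -noout -name prime256v1 -genkey -out $@

crt.csr: key.pem
	openssl req -new -key $< -subj /CN=Mongoose -out $@

csr: crt.csr

# … unchanged: mongoose_fs.c rule …

clean:
	$(DELETE) $(PROG) *.o *.obj *.exe *.dSYM mbedtls mongoose_fs.c crt.csr
```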
@@ -6,32 +6,29 @@
 // 2. When connected, subscribes to the topic `s_rx_topic`
 // 3. Publishes message `hello` to the `s_tx_topic` periodically
 //
-// This example requires TLS support. By default, it is built with mbedTLS,
-// therefore make sure mbedTLS is installed. To build with OpenSSL, execute:
-// make clean all CFLAGS="-W -Wall -DMG_ENABLE_OPENSSL=1 -lssl"
-// In order to get MQTT URL, login to AWS IoT, click on "Settings" on the left
-// bar, copy the "Endpoint" URL.
-static const char *s_url =
-    "mqtts://a1pjwh2bop1ojt-ats.iot.eu-west-1.amazonaws.com";
-
-// To create certificates:
-// 1. Click Policies -> Create, fill fields:
-// Name : Policy1
+// How to build and run this example:
+// 1. Login to AWS IoT
+// 2. Click "Settings" on the left bar, copy the domain, change s_url below
+// 3. Click Security -> Policies -> Create Policy, fill fields:
+// Name : PolicyAllow
 // Action : iot:*
 // Resource ARN: *
 // Effect : allow
 // then, click "Create"
-// 2. Click Manage -> Things -> Create things -> Create single thing -> Next
-// Thing name: t1, no shadow, Next
-// Auto-generate new certificate, Next
-// Select policy Policy1, Create thing
-// 3. From the dialog box that appears, download:
-// xxx-certificate.pem.crt as cert.pem to the example directory
-// xxx-private.pem.key as key.pem to the example directory
-// static const char *s_cert = "cert.pem";
-// static const char *s_key = "key.pem";
+// 4. Create EC private key file and CSR (Certificate Signing Request)
+// type "make csr", see Makefile
+// 5. Click Security -> Certificates -> Add Certificate -> Create Certificate
+// Choose "Create certificate with certificate signing request (CSR)"
+// Choose "crt.csr" created on a previous step
+// Choose "Active" to activate certificate
+// Click Create
+// Downoad AmazonRootCA1.pem as ca.pem and generated certificate as crt.pem
+// Select certificate, attach PolicyAllow to it
+// 6.
Type "make" to build and run the example
+static const char *s_url =
+    "mqtts://a1pjwh2bop1ojt-ats.iot.eu-west-1.amazonaws.com";
 static const char *s_rx_topic = "d/rx";
 static const char *s_tx_topic = "d/tx";
 static int s_qos = 1;
@@ -43,7 +40,9 @@ static void fn(struct mg_connection *c, int ev, void *ev_data) {
     // c->is_hexdumping = 1;
   } else if (ev == MG_EV_CONNECT) {
     if (mg_url_is_ssl(s_url)) {
-      struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
+      struct mg_tls_opts opts = {.ca = mg_unpacked("/ca.pem"),
+                                 .cert = mg_unpacked("/crt.pem"),
+                                 .key = mg_unpacked("/key.pem"),
                                  .name = mg_url_host(s_url)};
       mg_tls_init(c, &opts);
     }
@@ -92,6 +91,7 @@ int main(void) {
   struct mg_mgr mgr;
   struct mg_mqtt_opts opts = {.clean = true};
   bool done = false;
+  mg_log_set(MG_LL_DEBUG);
   mg_mgr_init(&mgr); // Initialise event manager
   MG_INFO(("Connecting to %s", s_url)); // Inform that we're starting
   mg_mqtt_connect(&mgr, s_url, &opts, fn, &done); // Create client connection
diff --git a/tutorials/mqtt/mqtt-client-aws-iot/packed_fs.c b/tutorials/mqtt/mqtt-client-aws-iot/packed_fs.c
deleted file mode 120000
index 5a635976..00000000
--- a/tutorials/mqtt/mqtt-client-aws-iot/packed_fs.c
+++ /dev/null
@@ -1 +0,0 @@
-../../http/http-client/packed_fs.c
\ No newline at end of file
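Review bot: The rewritten setup comment has a typo in step 5: `// Downoad AmazonRootCA1.pem as ca.pem and generated certificate as crt.pem` should read `// Download AmazonRootCA1.pem as ca.pem and generated certificate as crt.pem`. Step 2 tells the reader to change `s_url`, yet the moved definition still carries the author's account-specific endpoint, so a reader who skips that step connects to a foreign endpoint and gets an opaque handshake or authorization failure; a comment next to the definition such as `// NOTE: replace with the endpoint of your own AWS account, see step 2` would make that explicit. The comment also never says where the three PEM files end up: judging by the `mongoose_fs.c: ca.pem crt.pem key.pem` rule in the Makefile hunk they are packed into a generated C file and compiled into the binary, so a closing line like `// The three PEM files are packed into mongoose_fs.c by the Makefile and embedded in the binary; keep key.pem and mongoose_fs.c out of version control` would close the gap.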
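Review bot: The three `mg_unpacked(...)` results are passed to `mg_tls_init` without checking that the files were actually packed; when `mongoose_fs.c` was generated without one of them, the corresponding `opts.ca`, `opts.cert` or `opts.key` is an empty string, and the failure then surfaces late with a generic TLS error, or, for an empty `ca`, the backend may presumably proceed without verifying the server certificate (worth confirming against the TLS backend selected in the Makefile). A guard before `mg_tls_init(c, &opts);` gives a clear failure instead: `if (opts.ca.len == 0 || opts.cert.len == 0 || opts.key.len == 0) { MG_ERROR(("TLS files missing from packed FS")); mg_error(c, "missing TLS files"); return; }`. The enclosing `fn` handler starts and ends outside this hunk.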
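Review bot: `mg_log_set(MG_LL_DEBUG);` is dropped into `main` with no comment while every neighbouring line in the hunk carries one, and it raises the log level above the library's quieter default for everyone who builds the tutorial, burying the single `MG_INFO` line that matters. Either keep it and say why, `mg_log_set(MG_LL_DEBUG);  // Verbose logging, useful while setting up the TLS/MQTT connection`, or leave the default level and mention in the setup comment that readers can raise it when the connection fails. `main` continues outside this hunk.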