Lua SSL certificate and Azure Iot hub

3
votes

I am trying to connect my NodeMCU ESP-12N to Azure IoT hub.

I have created client with code like this:

esp8266 = mqtt.Client(DEVICE, 240, USER, PASSWD)

and receiving error on calling esp8266:connect

PANIC: unprotected error in call to Lua API (init.lua:127: ssl not available)

When I previously have connect my Arduino, then it was important to flash Wi-Fi with SSL certificate. However I can't do it with NodeMCU (or more right to say - don't know how).

I can get certificates with:

openssl s_client -showcerts -connect ArduinoDemoHub.azure-devices.net:8883

When I have add (thank you @MarcelStör for hint, I have tried previously net.cert.verify)

tls.cert.verify([[
-----BEGIN CERTIFICATE-----
MIIGsTCCBJmgADJKJFdWgAIQF5Koy/50vI3cQAAAAhAXjANBgkqhkiG9w0BAQsF
......
lz3ZDUcyzRgG6TRtA3SjASEUlJMt3f7xuI2nNpt8p5gy9pXuRw==
-----END CERTIFICATE-----
]])

tls.cert.verify(true)

I'v received another error:

Error Connecting: -5

UPDATE: There is another similar topic, and I have set time, but still without result.

UPDATE 2: Here are some links that I trying to use:

Use Azure IoT Hub without client libraries (MQTT)

Sending Device-to-Cloud (D2C) Messages

sankarcheppali gitHub with samples

Here is official Link Communicate with your IoT hub using the MQTT protocol that tells:

To use the MQTT protocol directly, your client must connect over TLS/SSL. Attempts to skip this will fail with connection errors.

This link also provides username that is different from old code samples: 

{iothubhostname}/{device_id}/api-version=2016-11-14
3
sslluatls1.2nodemcuazure-iot-hub

3 Answers

2
votes

TLS/SSL by default is disabled in the firmware build configuration. CLIENT_SSL_ENABLE in user_config.h must be uncommented before compiling/building the firmware.

The easiest is to use the cloud builder at https://nodemcu-build.com (by yours truly) and check the TLS checkbox.

Also, all TLS/SSL related functions in the net module (you use net.cert.verify) were extracted into the tls module a while ago. Unless there's convincing arguments for not using a current firmware build I suggest you try the dev branch. When you enable "TLS/SSL support" in the builder you get the tls module automatically.

UPDATE: There is nice article about Azure IoT hub and certificates: Certificate between IoT hub and devices connection

1
votes

I have created SAS with help of Device Explorer, that is looks like: 

SharedAccessSignature sr={your hub name}.azure-devices.net%2Fdevices%2FMyDevice01%2Fapi-version%3D2016-11-14&sig=vSgHBMUG.....Ntg%3d&se=1456481802

This value is set to PASSWD variable. Have changed USER variable to:

USER   = "MyAzureIoTHub.azure-devices.net/MyDeviceID/api-version=2016-11-14"

And has set to false tls.cert.verify

tls.cert.verify(false)

Works now :)

0
votes

You can refer to the following two libraries to connect NodeMCU ESP-12N to Azure IoT hub, these two libraries could be searched in Library Manager:

  • AzureIoTHubMQTTClient
  • AzureIoTProtocol_MQTT enter image description here

After installation,you can refer to the samples. enter image description here