
Add FreeRTOS + wolfIP + wolfMQTT TLS example

Open devin-ai-integration[bot] opened this issue 9 months ago • 17 comments

This PR adds a new full-stack example demonstrating wolfMQTT with TLS 1.3 running on FreeRTOS with wolfIP networking stack.

Features:

  • MQTT client with TLS 1.3 using wolfMQTT and wolfSSL
  • FreeRTOS POSIX simulation
  • wolfIP network stack integration
  • Network configuration: 10.10.0.1 (broker), 10.10.0.10 (client)
  • Publish/subscribe on test/topic
  • Test scripts and documentation included

Link to Devin run: https://app.devin.ai/sessions/9009e1c8e0304b43a2e0c5effeb90b2c Requested by: [email protected]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add "(aside)" to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • [ ] Disable automatic comment and CI monitoring

Add an instructional readme.md file in the base folder

embhorn avatar Feb 26 '25 13:02 embhorn

Fix this build error:

In file included from /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_client.h:28,
                 from /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/main.c:26:
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.h:32:5: error: unknown type name ‘WOLFSSL’
   32 |     WOLFSSL* ssl;
      |     ^~~~~~~
make[2]: *** [CMakeFiles/freertos_sim.dir/build.make:202: CMakeFiles/freertos_sim.dir/src/main.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:111: CMakeFiles/freertos_sim.dir/all] Error 2
make: *** [Makefile:91: all] Error 2

embhorn avatar Mar 04 '25 17:03 embhorn

Add an instructional README.md to the freertos-wolfip-wolfmqtt folder

embhorn avatar Mar 04 '25 17:03 embhorn

Resolve these build errors

In file included from /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/../../../wolfssl/wolfssl/ssl.h:33,
                 from /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.h:26,
                 from /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c:22:
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/../../../wolfssl/wolfssl/wolfcrypt/settings.h:3754:14: warning: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Wcpp]
 3754 |             #warning "For timing resistance / side-channel attack prevention consider using harden options"
      |              ^~~~~~~
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c: In function ‘mqtt_tls_init’:
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c:42:57: error: ‘MQTT_TLS_CA_CERT’ undeclared (first use in this function)
   42 |     if (wolfSSL_CTX_load_verify_locations(mqtt_tls_ctx, MQTT_TLS_CA_CERT, NULL) != SSL_SUCCESS) {
      |                                                         ^~~~~~~~~~~~~~~~
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c:42:57: note: each undeclared identifier is reported only once for each function it appears in
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c:46:56: error: ‘MQTT_TLS_CLIENT_CERT’ undeclared (first use in this function)
   46 |     if (wolfSSL_CTX_use_certificate_file(mqtt_tls_ctx, MQTT_TLS_CLIENT_CERT, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
      |                                                        ^~~~~~~~~~~~~~~~~~~~
/home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c:50:55: error: ‘MQTT_TLS_CLIENT_KEY’ undeclared (first use in this function)
   50 |     if (wolfSSL_CTX_use_PrivateKey_file(mqtt_tls_ctx, MQTT_TLS_CLIENT_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
      |                                                       ^~~~~~~~~~~~~~~~~~~
make[2]: *** [CMakeFiles/freertos_sim.dir/build.make:244: CMakeFiles/freertos_sim.dir/src/mqtt_net.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:111: CMakeFiles/freertos_sim.dir/all] Error 2
make: *** [Makefile:91: all] Error 2

embhorn avatar Mar 04 '25 18:03 embhorn

(aside) @danielinux did you observe these build errors?

embhorn avatar Mar 04 '25 18:03 embhorn

Fix these runtime errors:

Starting FreeRTOS with wolfIP...
Initializing wolfIP...
Initializing TAP device wtap0...
TAP device initialized successfully
Configuring network settings:
  IP: 10.10.0.10
  Netmask: 255.255.255.0
  Gateway: 10.10.0.1
Network configuration complete
Starting wolfIP network task...
Starting UDP echo server...
Starting MQTT client...
Initializing MQTT client with wolfIP...
Failed to load CA certificate
TLS initialization failed
Failed to initialize MQTT network: -8
Failed to initialize MQTT client

embhorn avatar Mar 04 '25 18:03 embhorn

Add instructions in the readme for building wolfSSL and wolfMQTT

embhorn avatar Mar 04 '25 18:03 embhorn

Add instructions for running mosquitto on the tap port

embhorn avatar Mar 04 '25 18:03 embhorn

The call to MqttClient_Init is failing because the rx_buf and rx_buf_len params are invalid

embhorn avatar Mar 04 '25 19:03 embhorn

Can you fix this runtime error?

Starting FreeRTOS with wolfIP...
Initializing wolfIP...
Initializing TAP device wtap0...
TAP device initialized successfully
Configuring network settings:
  IP: 10.10.0.10
  Netmask: 255.255.255.0
  Gateway: 10.10.0.1
Network configuration complete
Starting wolfIP network task...
Starting UDP echo server...
Starting MQTT client...
Initializing MQTT client with wolfIP...
Loading CA certificate from: /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/../../../wolfssl/certs/ca-cert.pem
Loading client certificate from: /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/../../../wolfssl/certs/client-cert.pem
Loading client key from: /home/eric/repos/wolfssl-examples/fullstack/freertos-wolfip-wolfmqtt/../../../wolfssl/certs/client-key.pem
TLS initialization successful
MQTT network initialized successfully
MQTT network initialized successfully
UDP Echo Server running on port 7777
MQTT client initialized successfully
Connecting to MQTT broker at 10.10.0.1:8883...
Creating TCP socket...
Socket created successfully
Connecting to 10.10.0.1:8883
IP address: 0a0a0001
Attempting to connect to 10.10.0.1:8883 (IP: 0a0a0001)
Socket connect failed: -11
MQTT client connection failed: -8

embhorn avatar Mar 04 '25 20:03 embhorn

(aside) I did more testing with the full stack example yesterday. Still getting connect errors from the wolfMQTT client

Connecting to MQTT broker at 10.10.0.1:8883...
Creating TCP socket...
Socket created successfully
Connecting to 10.10.0.1:8883
IP address: 0a0a0001
Attempting to connect to 10.10.0.1:8883 (IP: 0a0a0001)
Socket connect failed: -11
MQTT client connection failed: -8

The test_mqtt.sh does at least connect to the broker, but is failing with a TLS error:

Starting MQTT subscriber on test/topic with TLS...
Waiting for messages (10 seconds)...
Error: Protocol error
Cleaning up...
./test_mqtt.sh: line 41: kill: (6516) - No such process
Test complete
1741268769: New connection from 10.10.0.1:40202 on port 8883.
1741268769: OpenSSL Error[0]: error:0A000438:SSL routines::tlsv1 alert internal error
1741268769: Client <unknown> disconnected: Protocol error.

Here is the mosquitto config I am using:

listener 8883 10.10.0.1
cafile /home/eric/repos/wolfssl/certs/ca-cert.pem
certfile /home/eric/repos/wolfssl/certs/server-cert.pem
keyfile /home/eric/repos/wolfssl/certs/server-key.pem
tls_version tlsv1.3
require_certificate true
use_identity_as_username true

Devin created this wolfIP PR which seemed ridiculous, so I just closed it: https://github.com/wolfSSL/wolfip/pull/3

I decided to back up a little and just try the https example that Reda reviewed. That is not working for me either, so I must have something configured wrong:

Testing HTTPS server with curl...
*   Trying 10.10.0.10:443...
* connect to 10.10.0.10 port 443 from 10.10.0.1 port 60272 failed: No route to host
* Failed to connect to 10.10.0.10 port 443 after 3070 ms: Could not connect to server
* closing connection #0
curl: (7) Failed to connect to 10.10.0.10 port 443 after 3070 ms: Could not connect to server
HTTPS test failed!

embhorn avatar Mar 06 '25 15:03 embhorn
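
Two distinct failures are tangled in the comment above: the wolfMQTT client never completes the TCP connect, while test_mqtt.sh connects and then fails the mutual-TLS handshake. The following added Python preflight (not code from this PR, wolfSSL or mosquitto; `host`, `port` and the PEM paths are placeholders) checks the three PEM files in the same order `mqtt_tls_init` loads them and, on a live attempt, reports whether the failure happened at the socket or inside TLS.

```python
"""mTLS preflight for the broker setup above (added example; not code from the
PR, wolfSSL or mosquitto). Mirrors the client's three load steps (CA, cert,
key), reports which one fails, then separates socket failures from TLS alerts."""
import os
import socket
import ssl
import tempfile

def check_pem_files(cafile, certfile, keyfile):
    """One status per step; stops at the first failure, like mqtt_tls_init."""
    status = {"ca": "skipped", "cert": "skipped", "key": "skipped"}
    for step, path in zip(status, (cafile, certfile, keyfile)):
        if not os.path.isfile(path):
            status[step] = "missing"          # wrong/undefined path, as with MQTT_TLS_CA_CERT
            return status
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=cafile)          # cf. wolfSSL_CTX_load_verify_locations
        status["ca"] = "ok"
    except OSError as e:                                   # ssl.SSLError is an OSError
        status["ca"] = f"unparseable ({type(e).__name__})"
        return status
    try:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)   # key must match cert
        status["cert"] = status["key"] = "ok"
    except OSError as e:
        status["cert"] = status["key"] = f"rejected ({type(e).__name__})"
    return status

def try_handshake(host, port, cafile, certfile, keyfile, timeout=3.0):
    """('socket', err): 'No route to host' / connect -11 class. ('tls', err): alerts such
    as 'tlsv1 alert internal error', or a cert not issued for host. ('ok', version)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3          # matches 'tls_version tlsv1.3'
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)  # broker has require_certificate
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        return ("socket", str(e))
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLError as e:
        raw.close()
        return ("tls", str(e))

def demo_bad_ca():
    bad = os.path.join(tempfile.mkdtemp(), "ca-cert.pem")  # constructed: PEM shell, no real cert
    open(bad, "w").write("-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n")
    return check_pem_files(bad, bad, bad)
```

Run `check_pem_files` against the three paths from the mosquitto config before touching the network; a "missing" or "unparseable" result reproduces the "Failed to load CA certificate" class of error without a broker.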

(aside) I'm also getting a protocol error on this one. Did not test the final version from 491 review eventually, I'll start from there.

danielinux avatar Mar 13 '25 16:03 danielinux

(aside) @embhorn the demo from 491 works for me on master. Perhaps your tap device is not being correctly configured? I'm looking at fixing the issues in this demo now.

danielinux avatar Mar 14 '25 13:03 danielinux

Robot, rebase on latest master and force push

danielinux avatar Mar 14 '25 13:03 danielinux

Closing due to inactivity for more than 7 days.

Devin is currently unreachable - the session may have died.