I’m using MbedTLS that is built into the NodeMCU firmware for ESP8266 and I am trying to connect to Microsoft Azure IoT Hub and publish sensor data to it via the MQTT protocol.
I have successfully connected securely using a SAS token and Baltimore Root certificate which all works very well.
However, I have run into problems when publishing an MQTT message to Azure. Please see here for an issue I have opened on the GitHub repository that explains this in detail. The general consensus there is that this is a TLS issue and not a NodeMCU issue.
I have noticed that a certain IF statement within the ssl_tls.c file (line 1338) returns true or false intermittently, meaning that unpredictably, the cipher selected is incorrect and therefore badly encrypts the payload to be sent to Azure, I’m assuming. This is then rejected by Azure and my device is kicked offline.
Here is the IF statement that is sometimes true and sometimes false…
    if( mode == MBEDTLS_MODE_STREAM ||
        ( mode == MBEDTLS_MODE_CBC
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
          && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
        ) )
It appears that, on an unsuccessful publish/keepalive, I am getting:
MBEDTLS_ERR_SSL_INVALID_MAC - 0x7180 - Verification of the message MAC failed.
…followed by…
client’s data invalid protocol
…then…
MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY - 0x7880 - The peer notified us that the connection is going to be closed.
This falls in line with the fact that the ssl_encrypt_buf function is to blame. Sometimes the MAC is computed, sometimes not. I cannot see why this would be skipped occasionally.
This occurs randomly, sometimes affecting the MQTT keep-alive (ping) packet too which is basically a mini publish. I need to identify what variable is changing here, causing two different outcomes to exactly the same publish event. Anyone have any ideas?
Many thanks, George
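The branch quoted in the question decides, per outgoing record, whether the MAC is added before encryption (MAC-then-encrypt, the classic TLS 1.2 CBC and stream-cipher layout) or after it (encrypt-then-MAC, RFC 7366, negotiated once at handshake time and stored in the session). The peer fixes its own expectation at handshake time and never changes it. The following toy record layer is an added illustration written for this page, not mbedTLS code and not the poster's code: it models both layouts with HMAC-SHA256 and a constructed XOR keystream in place of a real cipher suite (CBC padding is omitted), drives a list of records through a sender whose decision is supplied per record, and shows that every record built in the layout the receiver did not negotiate fails MAC verification, the symptom reported as MBEDTLS_ERR_SSL_INVALID_MAC. The keys, payloads and the `simulate` driver are constructed for the example; it does not explain why the flag would change between records, only what happens on the wire when it does.

```python
"""Toy TLS-style record protection in MAC-then-encrypt (MtE) and
encrypt-then-MAC (EtM, RFC 7366) layouts.  Added illustration, not mbedTLS
code.  The cipher is a constructed XOR keystream, not a real TLS cipher suite,
and CBC padding is left out; only the record layout logic matters here."""
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length, as in a *-SHA256 cipher suite


class InvalidMac(Exception):
    """Stands in for MBEDTLS_ERR_SSL_INVALID_MAC (-0x7180)."""


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Constructed stream cipher: SHA-256 in counter mode keyed by (key, seq)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = key + seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def _mac(key: bytes, seq: int, data: bytes) -> bytes:
    # TLS MACs the record sequence number together with the record contents.
    return hmac.new(key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()


def protect(enc_key: bytes, mac_key: bytes, seq: int, payload: bytes, etm: bool) -> bytes:
    """Sender side.  etm=False is the path taken when the quoted branch is true:
    the MAC is appended to the plaintext before encryption (MtE).
    etm=True encrypts first and MACs the ciphertext (EtM)."""
    if etm:
        ct = _xor(payload, _keystream(enc_key, seq, len(payload)))
        return ct + _mac(mac_key, seq, ct)
    mte_plain = payload + _mac(mac_key, seq, payload)
    return _xor(mte_plain, _keystream(enc_key, seq, len(mte_plain)))


def unprotect(enc_key: bytes, mac_key: bytes, seq: int, record: bytes, etm: bool) -> bytes:
    """Receiver side.  The receiver's layout is fixed by the extension
    negotiated at handshake time; it does not vary per record."""
    if len(record) < TAG_LEN:
        raise InvalidMac("record shorter than a MAC tag")
    if etm:
        ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, ct)):
            raise InvalidMac("EtM tag mismatch")
        return _xor(ct, _keystream(enc_key, seq, len(ct)))
    plain = _xor(record, _keystream(enc_key, seq, len(record)))
    payload, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, seq, payload)):
        raise InvalidMac("MtE tag mismatch")
    return payload


def simulate(sender_etm_per_record, receiver_etm: bool, payloads=None):
    """Run records through a sender whose EtM decision is given per record and
    a receiver whose layout was fixed at handshake.  Returns one outcome per
    record: 'ok' or 'INVALID_MAC'.  Keys and payloads are constructed."""
    enc_key = b"constructed-enc-key-0001"
    mac_key = b"constructed-mac-key-0001"
    if payloads is None:
        # Constructed stand-ins for an MQTT PUBLISH and a keep-alive PINGREQ.
        payloads = [b'PUBLISH devices/dev1/messages/events/ {"temp":21.5}',
                    b"PINGREQ"] * (len(sender_etm_per_record) // 2 + 1)
    results = []
    for seq, (etm, payload) in enumerate(zip(sender_etm_per_record, payloads)):
        record = protect(enc_key, mac_key, seq, payload, etm)
        try:
            if unprotect(enc_key, mac_key, seq, record, receiver_etm) != payload:
                raise InvalidMac("payload mismatch")
            results.append("ok")
        except InvalidMac:
            results.append("INVALID_MAC")
    return results


if __name__ == "__main__":
    # Receiver negotiated EtM; the sender's decision flips on records 2 and 4.
    print(simulate([True, True, False, True, False], receiver_etm=True))
```

Every record whose layout matches the receiver's negotiated one verifies, and every record in the other layout is rejected, regardless of which layout is "correct" in the abstract. That is why a per-record change in the quoted condition looks, from the server's side, like a corrupt record rather than a cipher problem: the bytes decrypt, but the tag is computed over the wrong input.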