← index #16792Issue #15674
Related · high · value 1.175
QUERY · ISSUE

RP2 2040 MQTT TLS

open · by MyRaspberry · opened 2025-02-21 · updated 2025-03-29
bug · port-rp2 · needs-info

Port, board and/or hardware

RPI PICO W

MicroPython version

after MP 1.23 upgrade to newer version
HIVEMQ TLS login fail
also last test
RPI_PICO_W-20250219-v1.25.0-preview.304.g1034b1755.uf2

fallback RPI_PICO_W-20240602-v1.23.0.uf2 works

use lib/
umqtt.simple.py 1.5.0

Reproduction

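import ssl
from umqtt.simple import MQTTClient  # lib/umqtt/simple.py 1.5.0, as named above
import secrets  # assumed: the reporter's local secrets.py with broker host and credentials

# TLS client context with certificate verification switched off
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.verify_mode = ssl.CERT_NONE

mqtt_client = MQTTClient(
    client_id=b"somethingreallyrandomanduniquePICOW",
    server=secrets.RMQTTBROKER,
    port=0,
    user=secrets.RMQTTUSER,
    password=secrets.RMQTTPW,
    keepalive=7200,
    ssl=context,
)

mqtt_client.connect(clean_session=True, timeout=None)  # fails with newer MP versions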

Expected behaviour

login to HIVEMQ TLS account

works with MP 1.23.0
but not with newer versions

Observed behaviour

File "/lib/umqtt/simple.py", line 66, in connect
OSError: -2

Additional Information

No, I've provided everything above.

Code of Conduct

Yes, I agree

CANDIDATE · ISSUE

SSL Context behaviour various between Raspberry Pi Pico and ESP32 Board

closed · by vasili1 · opened 2024-08-17 · updated 2024-08-19
bug

Port, board and/or hardware

esp32 port, RPI_PICO_W port

MicroPython version

MicroPython v1.23.0 on 2024-06-02; Generic ESP32 module with ESP32
MicroPython v1.23.0 on 2024-06-02; Raspberry Pi Pico W with RP2040

Reproduction

This issue is related to certificates generated by AWS IoT. You will need to create an AWS Account to reproduce this exact issue. I'm guessing the issue comes up with other certificates but that is my use case currently.

  1. Copy and Paste the code down below in your main.py file
  2. In the AWS console search for IoT Core
  3. Create a new thing: AWS IoT Core. Choose "Create single thing". On the first step leave everything as is. On the second step specify a name (doesn't really matter which one). Leave everything as is on the third step.
  4. A pop up will present you with the generated certificates. Download the Device certificate (first one) and the Private key file (third one).
  5. Convert these certificates to DER format with the openssl commands below. You will need to adjust the input file names
  6. Upload the certificates to the device
  7. Run main.py on an esp32 based board and on a pi pico w

main.py

import tls

key = open("private.key.der", "rb").read()
cert = open("certificate.der.crt", "rb").read()

context = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
context.load_cert_chain(cert, key)

openssl

openssl pkcs8 -topk8 -nocrypt -in <...-private.pem.key> -inform PEM -out private.key.der -outform DER
openssl x509 -outform der -in <...-certificate.pem.crt> -out certificate.der.crt

Expected behaviour

I expect the main.py to accept the certificates on both platforms (esp32 and pi pico w).

Observed behaviour

The same certificates and main.py with the above-mentioned MicroPython versions produce different behaviour. The esp32 runs the code without any issues. The Pico W, on the other hand, throws the error ValueError: invalid key.

Additional Information

This is only a section of my code from my use-case. I use these certificates to connect to AWS IoT over MQTT at the end of the day. The actual connection to MQTT as well as receiving and sending messages works on esp32 without issues. The Pico W board, on the other hand, doesn't get past this snippet of code.

Code of Conduct

Yes, I agree
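
The reproduction above converts the key with openssl pkcs8 -topk8 -nocrypt, which writes an unencrypted PKCS#8 container. The following is an added example (not code from the issue or from MicroPython) that reports which private-key container a DER file actually holds, a useful first check on a desktop Python when a port answers "invalid key"; it does not establish the cause of the reported error. The function names are hypothetical and the sample byte strings are constructed structural skeletons, not real keys.

```python
def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, pos, pos + length


def classify_der_key(der):
    """Name the key container from the first two fields of the outer SEQUENCE."""
    if der.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not DER"
    tag, start, end = _read_tlv(der, 0)
    if tag != 0x30:
        return "not an ASN.1 SEQUENCE"
    if end != len(der):
        return "trailing bytes after key"
    first_tag, _, first_end = _read_tlv(der, start)
    if first_tag == 0x30:  # no version INTEGER: algorithm comes first
        return "PKCS#8 EncryptedPrivateKeyInfo (was -nocrypt omitted?)"
    if first_tag != 0x02:
        return "unknown"
    next_tag, _, _ = _read_tlv(der, first_end)
    return {
        0x30: "PKCS#8 PrivateKeyInfo",   # version, AlgorithmIdentifier, ...
        0x02: "PKCS#1 RSAPrivateKey",    # version, modulus, ...
        0x04: "SEC1 ECPrivateKey",       # version, privateKey OCTET STRING
    }.get(next_tag, "unknown")


# Constructed skeletons: correct outer structure, no usable key material.
SAMPLE_PKCS8 = bytes.fromhex("3016020100300d06092a864886f70d010101050004023000")
SAMPLE_PKCS1 = bytes.fromhex("3006020100020105")
SAMPLE_SEC1 = bytes.fromhex("30060201010401aa")

if __name__ == "__main__":
    for name, blob in (("pkcs8", SAMPLE_PKCS8), ("pkcs1", SAMPLE_PKCS1),
                       ("sec1", SAMPLE_SEC1)):
        print(name, "->", classify_der_key(blob))
```

To check a real file, pass the bytes read from private.key.der to classify_der_key.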
