Google iot core library and ethernet shield

Yeah absolutely, I don’t know what the person publishing https://github.com/stevenlianyi/EthernetClientSecure thought but this is not usable in an Ethernet-only environment. It expects WiFi to be there and goes through LWIP and WiFi functions to open sockets and resolve hostnames…

Joined LAN with IP 192.168.0.45

Starting connection to server www.howsmyssl.com
[V][ssl_client.cpp:59] start_ssl_client(): Free internal heap before TLS 367352
[V][ssl_client.cpp:61] start_ssl_client(): Starting socket
assertion "Invalid mbox" failed: file "/home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/lwip/lwip/src/api/tcpip.c", line 374, function: tcpip_send_msg_wait_sem
abort() was called at PC 0x400da03f on core 1

ELF file SHA256: 0000000000000000

Backtrace: 0x4008513c:0x3ffb1b90 0x400853b9:0x3ffb1bb0 0x400da03f:0x3ffb1bd0 0x4010b4ef:0x3ffb1c00 0x4010b325:0x3ffb1c30 0x4010b358:0x3ffb1c50 0x40105c58:0x3ffb1c90 0x400d5a9f:0x3ffb1cb0 0x400d5769:0x3ffb1f20 0x400d58b1:0x3ffb1f50 0x400d1b11:0x3ffb1f70 0x400d7c91:0x3ffb1fb0 0x400863ca:0x3ffb1fd0
  #0  0x4008513c:0x3ffb1b90 in invoke_abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/esp32/panic.c:715
  #1  0x400853b9:0x3ffb1bb0 in abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/esp32/panic.c:715
  #2  0x400da03f:0x3ffb1bd0 in __assert_func at /Users/ivan/e/newlib_xtensa-2.2.0-bin/newlib_xtensa-2.2.0/xtensa-esp32-elf/newlib/libc/stdlib/../../../.././newlib/libc/stdlib/assert.c:63 (discriminator 8) 
  #3  0x4010b4ef:0x3ffb1c00 in tcpip_send_msg_wait_sem at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/lwip/lwip/src/api/tcpip.c:374 (discriminator 1)
  #4  0x4010b325:0x3ffb1c30 in netconn_apimsg at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/lwip/lwip/src/api/api_lib.c:308
  #5  0x4010b358:0x3ffb1c50 in netconn_new_with_proto_and_callback at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/lwip/lwip/src/api/api_lib.c:308
  #6  0x40105c58:0x3ffb1c90 in lwip_socket at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/lwip/lwip/src/api/sockets.c:3508
  #7  0x400d5a9f:0x3ffb1cb0 in start_ssl_client(sslclient_context*, char const*, unsigned int, int, char const*, char const*, char const*, char const*, char const*) at lib\EthernetClientSecure\src/ssl_client.cpp:408
  #8  0x400d5769:0x3ffb1f20 in EthernetClientSecure::connect(char const*, unsigned short, char const*, char const*, char const*) at lib\EthernetClientSecure\src/EthernetClientSecure.cpp:333
  #9  0x400d58b1:0x3ffb1f50 in EthernetClientSecure::connect(char const*, unsigned short) at lib\EthernetClientSecure\src/EthernetClientSecure.cpp:333
  #10 0x400d1b11:0x3ffb1f70 in loop() at src/main.cpp:100 (discriminator 6)
  #11 0x400d7c91:0x3ffb1fb0 in loopTask(void*) at C:\Users\Max\.platformio\packages\framework-arduinoespressif32\cores\esp32/main.cpp:23
  #12 0x400863ca:0x3ffb1fd0 in vPortTaskWrapper at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/freertos/port.c:355 (discriminator 1)

But it might be a good start.

On the other hand, EthernetWebServer_SSL/src/SSLClient at main · khoih-prog/EthernetWebServer_SSL · GitHub looks more complete and advertises ENC28J60 compatibility, let’s try that…


Yeah the library GitHub - OPEnSLab-OSU/SSLClient: 🔒Add SSL/TLS functionality to any Arduino library (which also seems to be used in EthernetWebServer_SSL) can do a basic TLS/SSL connection with BearSSL and the ethernet library.

Starting connection to server www.howsmyssl.com
Connected to server!
headers received
{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"],"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"}

Let’s see if this is enough for Google IoT…

Ok @maxgerhardt, thanks for trying that library… Was it hard to try?
Can you put the working example you tried in a github repo?
In your opinion using this lib that is working can we create the ethernetclientsecure class that we need in the google cloud lib?

device = new CloudIoTCoreDevice(project_id, location, registry_id, device_id, private_key_str);
setupWifi();
netClient = new WiFiClientSecure();
((WiFiClientSecure *)netClient)->setCACert(root_cert);
mqttClient = new MQTTClient(buffer_size);
mqttClient->setOptions(keepAlive, true, timeout);
mqtt = new CloudIoTCoreMqtt(mqttClient, netClient, device);
mqtt->setUseLts(true);
mqtt->startMQTT();

Thanks a lot as usual

The HTTPS client example is at GitHub - maxgerhardt/pio-eth-ssl-example, I’m currently working on GitHub - maxgerhardt/pio-eth-google-iot-core-example: Uses an ENC28J60 to connect to Google IoT systems.

Can you try with the latest repo above?

I get a successful TLS connection but the Google MQTT server disconnects me after trying to authenticate with wrong credentials. I tried creating a Google IoT free trial account but it won’t accept my PayPal and wants a credit card, which I really don’t want to put in there.

Right now I get

Current date + time: 04/15/22 - 06:35PM
NTP sync time sanity check passed.
Waiting for LAN cable connected.. good.
Connecting...
Refreshing JWT
(SSLClient)(SSL_INFO)(connect): Base client connected!
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State: 
   SENDREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   RECVREC
(SSLClient)(SSL_INFO)(m_run_until): m_run changed state:
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   RECVREC
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 5
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count: 
(SSLClient)(SSL_INFO)(m_run_until): 1107
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count: 
(SSLClient)(SSL_INFO)(m_run_until): 595
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count: 
(SSLClient)(SSL_INFO)(m_run_until): 83
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State: 
   SENDREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State: 
   RECVREC
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 5
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State: 
   RECVREC
   SENDAPP
(SSLClient)(SSL_INFO)(m_run_until): m_run changed state:
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   RECVREC
   SENDAPP
(SSLClient)(SSL_INFO)(m_start_ssl): Connection successful!
(SSLClient)(SSL_INFO)(m_run_until): m_run changed state:
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   RECVREC
   SENDAPP
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 5
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   SENDAPP
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   SENDREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
   RECVREC
   SENDAPP
(SSLClient)(SSL_WARN)(connected): Socket was dropped unexpectedly (this can be an alternative to closing the connection)
not connected
Settings incorrect or missing a cypher for SSL
Connect with mqtt.2030.ltsapis.goog:8883
ClientId: projects/project-id/locations/us-central1/registries/my-registry/devices/my-esp32-device
Waiting 60 seconds, retry will likely fail

The

(SSLClient)(SSL_INFO)(m_start_ssl): Connection successful!

is a successful TLS tunnel establishment, and then the app (the lightweight MQTT client) sends something and then gets disconnected.

Please update the ciotc_config.h locally and try if you get a different result.


Thanks a lot @maxgerhardt .
Happy Easter
I will try the repo asap…

Hi @maxgerhardt I tried the first repo just ethernet + ssl and I got the following issue

Starting connection to server www.howsmyssl.com
Connected to server!
headers received
{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"],"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"}(SSLClient)(SSL_ERROR)(m_update_engine): Error writing to m_client
(SSLClient)(SSL_ERROR)(m_update_engine): 0
(SSLClient)(SSL_WARN)(connected): Socket was dropped unexpectedly (this can be an alternative to closing the connection)
(SSLClient)(SSL_ERROR)(connected): Not connected because write error is set
(SSLClient)(SSL_ERROR)(m_print_ssl_error): SSL_CLIENT_WRITE_FAIL  
(SSLClient)(SSL_ERROR)(available): SSL engine failed to update.   

(SSLClient)(SSL_ERROR)(connected): Not connected because write error is set
(SSLClient)(SSL_ERROR)(m_print_ssl_error): SSL_CLIENT_WRITE_FAIL

This is the response from the server, meaning it worked. The howsmyssl just disconnects every client itself after sending out the response, which is weird but okay.

So that worked.


Thanks a lot @maxgerhardt
I thought it was an issue because you had a different reply. For the moment, happy Easter…
I will update you with the test of the second repo

Simone

@maxgerhardt I have tried the second repo with my credentials…
Feel free to use the board info you find here and connect with the WiFi example

Google IoT Core Ethernet Example
Trying to recognize hardware and join via DHCP…
Got out of Ethernet.begin.
Joined LAN with IP 192.168.0.33
Starting LAN
Waiting on time sync…
NTP update okay!
It is: 16:41:00
Unix time: 1650127260
settimeofday() successful.
Current date + time: 04/16/22 - 04:41PM
NTP sync time sanity check passed.
Waiting for LAN cable connected… good.
Connecting…
Refreshing JWT
(SSLClient)(SSL_INFO)(connect): Base client connected!
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
SENDREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
(SSLClient)(SSL_INFO)(m_run_until): m_run changed state:
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 5
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 1107
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 595
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 83
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
SENDREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 5
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
SENDAPP
(SSLClient)(SSL_INFO)(m_run_until): m_run changed state:
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
SENDAPP
(SSLClient)(SSL_INFO)(m_start_ssl): Connection successful!
(SSLClient)(SSL_INFO)(m_run_until): m_run changed state:
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
SENDAPP
(SSLClient)(SSL_INFO)(m_run_until): Expected bytes count:
(SSLClient)(SSL_INFO)(m_run_until): 5
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
SENDAPP
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
SENDREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
SENDAPP
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVREC
(SSLClient)(SSL_INFO)(m_print_br_state): (SSLClient)(SSL_INFO)(m_print_br_state): State:
RECVAPP
not connected
Settings incorrect or missing a cypher for SSL
Connect with mqtt.2030.ltsapis.goog:8883
ClientId: projects/systel-iot-020222/locations/europe-west1/registries/warehouse-01/devices/board_2022704
Waiting 60 seconds, retry will likely fail

I can share here the info for my board that is working using the wifi with google cloud iot

/******************************************************************************
 * Copyright 2018 Google
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *****************************************************************************/
// This file contains your configuration used to connect to Cloud IoT Core

// Cloud iot details.
const char *project_id = "systel-iot-020222";
const char *location = "europe-west1";
const char *registry_id = "warehouse-01";
const char *device_id = "board_2022704";

// Configuration for NTP
const char *ntp_primary = "pool.ntp.org";
const char *ntp_secondary = "time.nist.gov";

#ifndef LED_BUILTIN
#define LED_BUILTIN 13
#endif

// To get the private key run (where private-key.pem is the ec private key
// used to create the certificate uploaded to google cloud iot):
// openssl ec -in <private-key.pem> -noout -text
// and copy priv: part.
// The key length should be exactly the same as the key length below (32 pairs
// of hex digits). If it's bigger and it starts with "00:" delete the "00:". If
// it's smaller add "00:" to the start. If it's too big or too small something
// is probably wrong with your key.
const char *private_key_str =
    "58:da:94:64:15:29:fd:c6:5b:b0:a1:1d:a9:3f:e0:1f:4c:c8:4c:88:c6:b5:42:49:a9:a6:9a:9a:78:3d:b3:f3";

// Time (seconds) to expire token += 20 minutes for drift
const int jwt_exp_secs = 60 * 20; // Maximum 24H (3600*24)

// To get the certificate for your region run:
//   openssl s_client -showcerts -connect mqtt.googleapis.com:8883
// for standard mqtt or for LTS:
//   openssl s_client -showcerts -connect mqtt.2030.ltsapis.goog:8883
// Copy the certificate (all lines between and including ---BEGIN CERTIFICATE---
// and --END CERTIFICATE--) to root.cert and put here on the root_cert variable.

// Alternatively, get Google's minimal root CA set for mqtt.2030.ltsapis.goog.
// https://cloud.google.com/iot/docs/how-tos/mqtt-bridge#downloading_mqtt_server_certificates
//   wget https://pki.goog/gtsltsr/gtsltsr.crt
//   openssl x509 -inform DER -in gtsltsr.crt -out primary.pem -text

// !! CHANGING THIS HAS NO EFFECT!! UPDATE CERTIFICATES.H INSTEAD !!

#define CERTIFICATE                                                        \
    "-----BEGIN CERTIFICATE-----\r\n"                                      \
    "MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk\r\n" \
    "MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH\r\n" \
    "bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX\r\n" \
    "DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD\r\n" \
    "QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu\r\n" \
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ\r\n" \
    "FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw\r\n" \
    "DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F\r\n" \
    "uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX\r\n" \
    "kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs\r\n" \
    "ewv4n4Q=\r\n"                                                         \
    "-----END CERTIFICATE-----\r\n"                                        \
    "-----BEGIN CERTIFICATE-----\r\n"                                      \
    "MIIBxTCCAWugAwIBAgINAfD3nVndblD3QnNxUDAKBggqhkjOPQQDAjBEMQswCQYD\r\n" \
    "VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzERMA8G\r\n" \
    "A1UEAxMIR1RTIExUU1IwHhcNMTgxMTAxMDAwMDQyWhcNNDIxMTAxMDAwMDQyWjBE\r\n" \
    "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\r\n" \
    "QzERMA8GA1UEAxMIR1RTIExUU1IwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATN\r\n" \
    "8YyO2u+yCQoZdwAkUNv5c3dokfULfrA6QJgFV2XMuENtQZIG5HUOS6jFn8f0ySlV\r\n" \
    "eORCxqFyjDJyRn86d+Iko0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw\r\n" \
    "AwEB/zAdBgNVHQ4EFgQUPv7/zFLrvzQ+PfNA0OQlsV+4u1IwCgYIKoZIzj0EAwID\r\n" \
    "SAAwRQIhAPKuf/VtBHqGw3TUwUIq7TfaExp3bH7bjCBmVXJupT9FAiBr0SmCtsuk\r\n" \
    "miGgpajjf/gFigGM34F9021bCWs1MbL0SA==\r\n"                             \
    "-----END CERTIFICATE-----\r\n"

const char *root_cert = CERTIFICATE;

// In case we ever need extra topics
const int ex_num_topics = 0;
const char *ex_topics[ex_num_topics];
// const int ex_num_topics = 1;
// const char* ex_topics[ex_num_topics] = {
//   "/devices/my-device/tbd/#"
// };

The only big difference in the code is here …

the ethernet version

  setupLan();
  netClient = sslClient; //= new WiFiClientSecure();
  // already handled by initializing the sslClient with the proper certificate
  // netClient->setCACert(root_cert);
  mqttClient = new MQTTClient(512);
  mqttClient->setOptions(180, true, 1000); // keepAlive, cleanSession, timeout
  mqtt = new CloudIoTCoreMqtt(mqttClient, netClient, device);
  // decides whether to use mqtt.2030.ltsapis.goog or mqtt.googleapis.com
  // both port 8883
  mqtt->setUseLts(true);
  mqtt->startMQTT();

and the wifi working version in my code

 device = new CloudIoTCoreDevice(project_id, location, registry_id, device_id, private_key_str);
  setupWifi();
  netClient = new WiFiClientSecure();
  ((WiFiClientSecure *)netClient)->setCACert(root_cert);
  mqttClient = new MQTTClient(buffer_size);
  mqttClient->setOptions(keepAlive, true, timeout);
  mqtt = new CloudIoTCoreMqtt(mqttClient, netClient, device);
  mqtt->setUseLts(true);
  mqtt->startMQTT();

The big difference seems to be in the setting of the root cert in the netClient class…

Moreover this if it can help

What do you think ?

Thanks a lot

Simone


Thanks, with that information I can do a comparison of what goes wrong when it connects via WiFi vs Ethernet. Right now what I see is that the MQTT client seems to disconnect after reading google’s response

SSLClient::write()
00000000: 10 C3 02 00 04 4D 51 54 54 04 C2 00 B4 00 5F 70  .�...MQTT.�.�._p
00000010: 72 6F 6A 65 63 74 73 2F 73 79 73 74 65 6C 2D 69  rojects/systel-i
[...]
00000140: 50 30 55 46 78 77                                P0UFxw

SSLClient::read()
00000000: 20

SSLClient::read()
00000000: 02                                               .

SSLClient::read()
00000000: 00 04                                            ..
not connected

When I see it sending / receiving different things via WiFi or decode these MQTT messages I might get an idea of what’s wrong…

Interesting, the decoded data in the MQTT protocol after it sends the “connect” packet via Ethernet is just: “bad username or password”. But I can decode all data nicely in Wireshark now.
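The decoding described above can be reproduced without Wireshark. This is an added example, not code from the thread or from the SSLClient or MQTT libraries; it parses the visible start of the CONNECT packet and the four CONNACK bytes from the dumps according to MQTT 3.1.1, and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Decoded MQTT 3.1.1 CONNECT header (fixed header + variable header).
struct ConnectInfo {
    bool ok = false;
    uint32_t remaining_length = 0;
    std::string protocol_name;
    uint8_t protocol_level = 0;
    bool has_username = false, has_password = false, clean_session = false;
    uint16_t keep_alive = 0;
};

// "Remaining length": 7 bits per byte, high bit set = another byte follows (max 4).
static bool read_remaining_length(const uint8_t *p, size_t n, size_t &pos, uint32_t &out) {
    uint32_t value = 0, mult = 1;
    for (int i = 0; i < 4; ++i) {
        if (pos >= n) return false;
        uint8_t b = p[pos++];
        value += (b & 0x7Fu) * mult;
        if (!(b & 0x80)) { out = value; return true; }
        mult *= 128;
    }
    return false;  // a fifth length byte is malformed
}

ConnectInfo parse_connect(const uint8_t *p, size_t n) {
    ConnectInfo c;
    if (n < 1 || (p[0] >> 4) != 1) return c;  // packet type 1 = CONNECT
    size_t pos = 1;
    if (!read_remaining_length(p, n, pos, c.remaining_length)) return c;
    if (pos + 2 > n) return c;
    size_t name_len = (size_t(p[pos]) << 8) | p[pos + 1];
    pos += 2;
    if (pos + name_len + 4 > n) return c;  // name, level, flags, 2-byte keep-alive
    c.protocol_name.assign(reinterpret_cast<const char *>(p + pos), name_len);
    pos += name_len;
    c.protocol_level = p[pos++];
    uint8_t flags = p[pos++];
    c.has_username = (flags & 0x80) != 0;
    c.has_password = (flags & 0x40) != 0;
    c.clean_session = (flags & 0x02) != 0;
    c.keep_alive = uint16_t((p[pos] << 8) | p[pos + 1]);
    c.ok = true;
    return c;
}

// CONNACK is 4 bytes: 0x20, 0x02, ack flags, return code. Returns -1 if not a CONNACK.
int parse_connack(const uint8_t *p, size_t n) {
    if (n != 4 || p[0] != 0x20 || p[1] != 0x02) return -1;
    return p[3];
}

const char *connack_text(int rc) {
    static const char *const names[] = {
        "connection accepted", "unacceptable protocol version", "identifier rejected",
        "server unavailable", "bad user name or password", "not authorized"};
    return (rc >= 0 && rc <= 5) ? names[rc] : "invalid CONNACK";
}

// Bytes copied from the dumps in the post (CONNECT cut off after its variable header).
const uint8_t kConnectHead[] = {0x10, 0xC3, 0x02, 0x00, 0x04, 'M', 'Q', 'T', 'T', 0x04, 0xC2, 0x00, 0xB4};
const uint8_t kConnack[] = {0x20, 0x02, 0x00, 0x04};

int main() {
    std::printf("CONNACK: %s\n", connack_text(parse_connack(kConnack, sizeof kConnack)));
}
```

The CONNECT flags byte 0xC2 means user name, password and clean session are set, and the keep-alive of 0x00B4 is the 180 seconds passed to setOptions(); the CONNACK return code 4 is the "bad username or password" result.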


YES, success!!

After inspecting the transmitted password, which is a JWT token, with https://jwt.io/ it becomes clear that the “issued at” (iat) field is in the future.

And so Google refuses this token.

The cause of this is that the NTP sync code added a +1h offset to the synchronization, which is currently wrong (but might be an issue later with daylight savings time?).

After correcting this mistake, I see it happily downloading its config and transmitting “sensor data” (aka, a constant string)

00000000: 00 1D 2F 64 65 76 69 63 65 73 2F 62 6F 61 72 64  ../devices/board
00000010: 5F 32 30 32 32 37 30 34 2F 63 6F 6E 66 69 67 00  _2022704/config.
00000020: 01                                               .
incoming: /devices/board_2022704/config -
..
00000000: 30 29 00 1D 2F 64 65 76 69 63 65 73 2F 62 6F 61  0)../devices/boa
00000010: 72 64 5F 32 30 32 32 37 30 34 2F 65 76 65 6E 74  rd_2022704/event
00000020: 73 4C 41 4E 3A 20 39 39 20 64 62                 sLAN: 99 db

Could you try using the latest version of the repo again without any changes and see if stuff in your Google IoT console appears?
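The jwt.io inspection described above can also be done in code before the token is sent. This is an added example, not code from the thread or from the Google Cloud IoT library; it decodes the JWT payload and compares iat and exp with a trusted reference time. The function names, the sample token, the reference time, the audience value and the 60-second skew allowance are all constructed assumptions, while the 3600-second error and the 1200-second lifetime mirror the +1h offset and jwt_exp_secs from the thread.

```cpp
#include <cstdint>
#include <cstdlib>
#include <string>

static const char kB64Url[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// base64url without padding (RFC 4648 section 5), the encoding of each JWT segment.
std::string b64url_encode(const std::string &in) {
    std::string out;
    uint32_t acc = 0, bits = 0;
    for (unsigned char ch : in) {
        acc = (acc << 8) | ch;
        bits += 8;
        while (bits >= 6) { bits -= 6; out.push_back(kB64Url[(acc >> bits) & 0x3F]); }
    }
    if (bits > 0) out.push_back(kB64Url[(acc << (6 - bits)) & 0x3F]);
    return out;
}

std::string b64url_decode(const std::string &in) {
    std::string out, alphabet(kB64Url);
    uint32_t acc = 0, bits = 0;
    for (char ch : in) {
        size_t v = alphabet.find(ch);
        if (v == std::string::npos) break;  // padding or junk ends the segment
        acc = (acc << 6) | uint32_t(v);
        bits += 6;
        if (bits >= 8) { bits -= 8; out.push_back(char((acc >> bits) & 0xFF)); }
    }
    return out;
}

// Read an integer claim such as "iat":1650127260 from a flat JSON object; -1 if absent.
long long numeric_claim(const std::string &json, const std::string &name) {
    size_t key = json.find("\"" + name + "\"");
    size_t colon = (key == std::string::npos) ? key : json.find(':', key);
    if (colon == std::string::npos) return -1;
    const char *start = json.c_str() + colon + 1;
    char *end = nullptr;
    long long v = std::strtoll(start, &end, 10);
    return end == start ? -1 : v;
}

enum class JwtTime { Ok, Malformed, IssuedInFuture, Expired };
// Compare the token's iat/exp with a trusted reference clock, allowing `skew` seconds.
JwtTime check_jwt_times(const std::string &jwt, long long now, long long skew) {
    size_t d1 = jwt.find('.');
    size_t d2 = (d1 == std::string::npos) ? d1 : jwt.find('.', d1 + 1);
    if (d2 == std::string::npos) return JwtTime::Malformed;
    std::string payload = b64url_decode(jwt.substr(d1 + 1, d2 - d1 - 1));
    long long iat = numeric_claim(payload, "iat"), expires = numeric_claim(payload, "exp");
    if (iat < 0 || expires < 0) return JwtTime::Malformed;
    if (iat > now + skew) return JwtTime::IssuedInFuture;  // the failure found in this thread
    if (expires <= now - skew) return JwtTime::Expired;
    return JwtTime::Ok;
}

// Constructed, unsigned sample token: ".sig" is a placeholder, not a real signature.
std::string make_sample_jwt(long long iat, long long lifetime_secs) {
    std::string payload = "{\"iat\":" + std::to_string(iat) + ",\"exp\":" +
                          std::to_string(iat + lifetime_secs) + ",\"aud\":\"example-project\"}";
    return b64url_encode("{\"alg\":\"ES256\",\"typ\":\"JWT\"}") + "." + b64url_encode(payload) + ".sig";
}

int main() {  // exit code 0 when the constructed +1 h token is flagged as issued in the future
    return check_jwt_times(make_sample_jwt(1650127260LL + 3600, 1200), 1650127260LL, 60) ==
                   JwtTime::IssuedInFuture ? 0 : 1;
}
```

The check only helps when `now` comes from a clock other than the one used to build the token, for example a host-side test harness or a second time source.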

Yes @maxgerhardt … I try it now…

00000000: 30 29 00 1D 2F 64 65 76 69 63 65 73 2F 62 6F 61  0)../devices/boa
00000010: 72 64 5F 32 30 32 32 37 30 34 2F 65 76 65 6E 74  rd_2022704/event
00000020: 73 4C 41 4E 3A 20 39 39 20 64 62                 sLAN: 99 db

MAX YOU ARE A HERO AND GENIUS AS WELL…

The only thing left to understand is why the connection has always failed at the first attempt…

Refreshing JWT
(SSLClient)(SSL_ERROR)(connect): Failed to connect using m_client. Are you connected to the internet?
(SSLClient)(SSL_ERROR)(connected): Not connected because write error is set
(SSLClient)(SSL_ERROR)(m_print_ssl_error): SSL_CLIENT_CONNECT_FAIL
not connected
(SSLClient)(SSL_ERROR)(connected): Not connected because write error is set
(SSLClient)(SSL_ERROR)(m_print_ssl_error): SSL_CLIENT_CONNECT_FAIL
Settings incorrect or missing a cypher for SSL
(SSLClient)(SSL_ERROR)(connected): Not connected because write error is set
(SSLClient)(SSL_ERROR)(m_print_ssl_error): SSL_CLIENT_CONNECT_FAIL
Connect with mqtt.2030.ltsapis.goog:8883

Then resetting the board it connects

Ok sometimes it is not able to connect at first attempt but it is enough to set the time to retry… No issues

Looking good :slight_smile:

Hm the connect_lan() method can be improved to wait until internet is fully available I think. Right now it just waits for ethernet link (and the previous code waits for DHCP join and technically already covers link connected).
