所以我花了很长时间才弄清楚如何解决这个问题。主要问题是我使用的是旧版本的 BearSSL,但我无法更新它。为了绕过这个问题,我把证书和密钥写入文件,再用这些文件建立与 AWS IoT 的安全连接。此外,我不使用 MQTT 来传输我的指标,而是使用 REST 端点。我确信这不是最佳解决方案,但它到目前为止有效。这是我的做法。首先要了解的事情:
- net 是 WiFiClientSecure 的一个实例: BearSSL::WiFiClientSecure net = BearSSL::WiFiClientSecure();
我的加密信息(密钥、CACert、证书)如下所示:
// PEM-encoded CA certificate compiled into the sketch. AWS_CERT and
// AWS_PRIVATE_KEY (used by establishSecureConnection below) are presumably
// declared the same way — confirm against the full sketch.
// Anything compiled into the firmware can be read back from a flash dump, so
// the device private key is protected only as well as the flash itself.
const char AWS_CA_CERT[]="-----BEGIN CERTIFICATE-----\n" \
...
"rqXRfboQnoZsG4q5WTP468SQvvG5\n" \
"-----END CERTIFICATE-----";
建立 Wifi 连接后,我执行以下操作来建立安全连接:
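// SPIFFS paths used as a staging area for the PEM credentials. The files are
// rewritten on every call and deleted again before the function returns.
static const char *const AWS_CA_PATH = "/ca.crt";
static const char *const AWS_CERT_PATH = "/cert.crt";
static const char *const AWS_KEY_PATH = "/cert.priv";

// Writes one PEM blob to SPIFFS.
// Returns false (after logging) if the file cannot be opened or the write is
// short: a truncated certificate or key cannot be loaded later anyway, so the
// caller treats this as fatal instead of logging and carrying on.
static bool writeCredentialFile(const char *path, const char *contents, const char *label)
{
  File out = SPIFFS.open(path, "w");
  if (!out)
  {
    Serial.println("There was an error opening the file for writing");
    return false;
  }
  // print() reports the number of bytes written; compare with the full length
  // so a short write (e.g. filesystem full) is not reported as success.
  const bool complete = (out.print(contents) == strlen(contents));
  out.close();
  Serial.print(label);
  Serial.println(complete ? " File was written" : " File write failed");
  return complete;
}

// Opens a staged credential for reading into `handle`.
// Returns false (after logging) when the file is missing or unreadable.
static bool openCredentialFile(File &handle, const char *path, const char *label)
{
  handle = SPIFFS.open(path, "r");
  if (!handle)
  {
    Serial.print("Failed to open ");
    Serial.print(label);
    Serial.println(" file for reading");
    return false;
  }
  return true;
}

// Logs the outcome of one BearSSL load call and passes the result through,
// so the calls can be chained with && in the caller.
static bool reportLoad(bool loaded, const char *label)
{
  Serial.print(loaded ? "Successfully loaded " : "Could not load ");
  Serial.println(label);
  return loaded;
}

// Deletes the staged files. The private key was written to the filesystem in
// clear text; removing it once BearSSL has consumed it limits how long a
// readable copy sits in SPIFFS. It does not protect the key itself, which is
// still embedded in the firmware as AWS_PRIVATE_KEY.
static void removeCredentialFiles()
{
  SPIFFS.remove(AWS_CA_PATH);
  SPIFFS.remove(AWS_CERT_PATH);
  SPIFFS.remove(AWS_KEY_PATH);
}

// Opens the TLS connection to AWS IoT on the HTTPS/REST port (8443) and logs
// the BearSSL error text when the handshake fails.
static bool connectToEndpoint()
{
  net.setTimeout(20000);
  if (net.connect(AWS_IOT_ENDPOINT, 8443))
  {
    Serial.println("Connected to AWS!");
    return true;
  }
  Serial.println("connection failed");
  char err_buf[1024];
  Serial.println(net.getLastSSLError(err_buf, sizeof(err_buf)));
  Serial.printf("ssl_error: %s\n", err_buf);
  return false;
}

// Stages the embedded CA certificate, client certificate and private key in
// SPIFFS, loads them into `net` and connects to AWS_IOT_ENDPOINT:8443.
// Returns true only when every step succeeded.
// Every exit path now closes the File handles and deletes the staged files;
// the earlier version left them open (and the key on flash) after a failed
// load and after a successful connect.
// The handles are kept open until after connect() because it is not confirmed
// whether loadCACert/loadCertificate/loadPrivateKey consume the stream at call
// time in this core version — TODO confirm before closing them earlier.
// NOTE: the constants are rewritten to flash on every call, which costs erase
// cycles if this runs on each boot or reconnect.
bool establishSecureConnection()
{
  if (!SPIFFS.begin())
  {
    Serial.println("An Error has occurred while mounting SPIFFS");
    return false;
  }

  if (!writeCredentialFile(AWS_CA_PATH, AWS_CA_CERT, "Ca")
      || !writeCredentialFile(AWS_CERT_PATH, AWS_CERT, "cert")
      || !writeCredentialFile(AWS_KEY_PATH, AWS_PRIVATE_KEY, "key"))
  {
    // Do not leave a partial key or certificate behind on flash.
    removeCredentialFiles();
    return false;
  }

  File ca;
  File cert;
  File pk;
  // Short-circuit evaluation keeps the original order of checks and messages:
  // the first failure stops the chain and falls through to the cleanup below.
  const bool connected = openCredentialFile(ca, AWS_CA_PATH, "ca")
      && openCredentialFile(cert, AWS_CERT_PATH, "cert")
      && openCredentialFile(pk, AWS_KEY_PATH, "pk")
      && reportLoad(net.loadCACert(ca), "ca")
      && reportLoad(net.loadCertificate(cert), "cert")
      && reportLoad(net.loadPrivateKey(pk), "pk")
      && connectToEndpoint();

  // close() on a handle that was never opened is a no-op in the ESP8266 core
  // (it checks the underlying pointer first).
  ca.close();
  cert.close();
  pk.close();
  removeCredentialFiles();
  return connected;
}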