I have an ESP32 IDF project using version 5.5.0 and WiFi Mesh.
My project currently uses MQTTS with Eclipse Broker (using TLS). It also supports OTA updates from an HTTPS server (again TLS).
Can I use both of these at the same time with different certificate PEM files or must these be the same?
I am finding I can run MQTT over TCP and OTA on HTTPS at the same time successfully. But if I switch to MQTTS - TLS my OTA HTTPS connection fails as follows:
W (11:14:05.778) aOTAHttps: OTA HTTPS Task running. Free Stack NOT used (bytes): 3716
E (11:14:05.797) esp-tls-mbedtls: mbedtls_ssl_setup returned -0x7F00
E (11:14:05.799) esp-tls: create_ssl_handle failed
E (11:14:05.800) esp-tls: Failed to open new connection
E (11:14:05.801) transport_base: Failed to open a new connection
E (11:14:05.804) HTTP_CLIENT: Connection failed, sock < 0
E (11:14:05.807) esp_https_ota: ESP HTTP client perform failed: 28674
E (11:14:05.809) aOTAHttps: ESP HTTPS OTA Begin failed
I (11:14:05.811) aOTAHttps: OTA image size: -1
E (11:14:05.812) esp_https_ota: esp_https_ota_get_img_desc: Invalid argument
I (11:14:05.813) aOTAHttps: Reading Image Description
E (11:14:05.813) aOTAHttps: esp_https_ota_read_img_desc failed
E (11:14:05.816) aOTAHttps: OTA abort
My HTTPS config extract includes this:
esp_mqtt_client_config_t mqtt5_cfg = {};
brokerAddress = "mqtts://mqtt.eclipseprojects.io:8883";
mqtt5_cfg.broker.address.uri = brokerAddress.c_str();
mqtt5_cfg.broker.verification.certificate = (const char *)mqtt5_HiveHQ_io_pem_start;
mqtt5_cfg.credentials.username = "uName";
mqtt5_cfg.credentials.authentication.password = "Pass_2345";
My OTA config extract includes this:
esp_http_client_config_t config = {
    .url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
    .cert_pem = (char *)server_cert_pem_start,
    .timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT,
    .keep_alive_enable = true,
};
See attached:
MQTT certificate = mqtt5_HiveHQ_io.pem
OTA HTTPS certificate = ca_cert.pem
-0x7F00 = "MBEDTLS_ERR_SSL_ALLOC_FAILED", so it appears you are low on RAM (this may help).
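
A pre-flight check for the low-RAM condition diagnosed above, as an added example that is not part of the original thread or of ESP-IDF: it tells apart "too little heap overall" from "heap too fragmented" before a second TLS session is opened. The names `tls_heap_check`, `tls_heap_check_now` and `tls_buf_cfg_t` and the two margin constants are hypothetical and the margins are assumed values; the on-target wrapper assumes mbedTLS allocates from internal RAM.

```c
/* Added example, not from the thread: pre-flight heap check before opening a
 * second TLS session (e.g. HTTPS OTA while MQTTS is connected). */
#include <stddef.h>
#include <stdio.h>

/* Assumed margins, tune per project: per-buffer record overhead and the
 * transient handshake working set (certificate parsing, key exchange). */
#define TLS_RECORD_OVERHEAD  512u
#define TLS_HANDSHAKE_MARGIN 12288u

typedef struct {
    size_t in_content_len;   /* e.g. CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN */
    size_t out_content_len;  /* e.g. CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN */
} tls_buf_cfg_t;

typedef enum { TLS_HEAP_OK, TLS_HEAP_FRAGMENTED, TLS_HEAP_LOW } tls_heap_verdict_t;

/* mbedtls_ssl_setup() allocates the in and out record buffers as two
 * separate blocks, so both total free heap and largest block matter. */
tls_heap_verdict_t tls_heap_check(const tls_buf_cfg_t *cfg,
                                  size_t free_total, size_t largest_block)
{
    size_t in_buf  = cfg->in_content_len + TLS_RECORD_OVERHEAD;
    size_t out_buf = cfg->out_content_len + TLS_RECORD_OVERHEAD;
    size_t biggest = in_buf > out_buf ? in_buf : out_buf;

    if (free_total < in_buf + out_buf + TLS_HANDSHAKE_MARGIN)
        return TLS_HEAP_LOW;          /* not enough RAM overall */
    if (largest_block < biggest)
        return TLS_HEAP_FRAGMENTED;   /* enough RAM, but no block big enough */
    return TLS_HEAP_OK;
}

#ifdef ESP_PLATFORM
#include "esp_heap_caps.h"
/* On target: query the internal 8-bit heap (assumes mbedTLS allocates there). */
tls_heap_verdict_t tls_heap_check_now(const tls_buf_cfg_t *cfg)
{
    const uint32_t caps = MALLOC_CAP_INTERNAL | MALLOC_CAP_8BIT;
    return tls_heap_check(cfg, heap_caps_get_free_size(caps),
                          heap_caps_get_largest_free_block(caps));
}
#else
int main(void)
{
    tls_buf_cfg_t cfg = { 16384, 4096 };   /* constructed sample sizes */
    printf("verdict=%d\n", tls_heap_check(&cfg, 30000, 20000));
    return 0;
}
#endif
```

Calling `tls_heap_check_now()` in the OTA task just before `esp_https_ota_begin()` and logging the verdict shows whether the MQTTS session has already consumed the memory the HTTPS handshake needs.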