V1.10.0 Failed to set client configurations

ossi.laakkonen · January 27, 2022, 7:48am

I updated gateway to 1.10.0 and cannot use MQTT anymore. See error below. I’m using MQTT over SSL.

I (64673) MQTT: [mqtt_task] MQTT_EVENT_BEFORE_CONNECT
W (64695) ADV_POST_TASK: [rx_parse_task] Can’t send, MQTT is not connected yet
E (64731) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (64732) esp-tls-mbedtls: Failed to set client configurations
E (64738) esp-tls: create_ssl_handle failed
E (64745) esp-tls: Failed to open new connection
E (64748) TRANS_SSL: Failed to open a new connection
E (64754) MQTT_CLIENT: Error transport connect
I (64759) MQTT: [mqtt_task] MQTT_EVENT_ERROR
I (64764) MQTT: [mqtt_task] MQTT_EVENT_DISCONNECTED

otso · January 27, 2022, 8:19am

Hello and sorry about the problem.

How have you created the SSL certificate for your MQTT server? We had a change in SSL certificate validation between 1.9 and 1.10

ossi.laakkonen · January 27, 2022, 8:26am

I’m using Azure IoT Hub as MQTT server and SAS token as password (Understand Azure IoT Hub MQTT support | Microsoft Docs). There has not been any need to create certificates manually.

otso · January 27, 2022, 8:30am

Thanks.

You can use manual-only updates and install v1.9.2 while we figure it out.

@Marko Please test MQTT with the mosquito server and SSL
@Alexey_Skvortsov2 Your thoughts on this? Is it because of bundled certificates or something else?

ossi.laakkonen · January 27, 2022, 8:38am

Returned back to old version and now I have working system.

Thanks for quick response!

Alexey_Skvortsov2 · January 27, 2022, 10:17am

The bundled certificates are used only by http client.
I assume that the problem appeared after updating ESP-IDF, now it requires an explicit setting of SSL verification:

esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure

otso · February 3, 2022, 10:48am

Hi @ossi.laakkonen,

Your issue is now fixed in v1.10.1 which is going to beta testers now and everyone two weeks later.
Thank you for helping us test the v1.10.0 and catching this issue. We’d like to send you a gift as a thank you for the effort, please send your contact information and this forum thread to sales@ruuvi.com and we’ll take things from there

ossi.laakkonen · March 3, 2022, 11:02am

Just tested v1.11.2 and TSL error still exists.

E (23793) MQTT_CLIENT: Certificate bundle feature is not available in IDF version v4.2.2
E (23852) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (23853) esp-tls-mbedtls: Failed to set client configurations
E (23859) esp-tls: create_ssl_handle failed
E (23866) esp-tls: Failed to open new connection
E (23869) TRANS_SSL: Failed to open a new connection
E (23875) MQTT_CLIENT: Error transport connect
I (23881) MQTT: [mqtt_task] MQTT_EVENT_ERROR
I (23885) MQTT: [mqtt_task] MQTT_EVENT_DISCONNECTED

BR,
Ossi

otso · March 3, 2022, 11:20am

Thank you for the report.

This is related to ESP-SDK versions, the newest SDK where TLS is fixed breaks the Bluetooth amplifier control, leading to lower signal levels.

As a solution, you can use v1.11.1 and set updates to manual only. However this will drop the RSSI by ~12 dB. We’re looking into how to fix the Bluetooth amplifier in newer SDKs, but we need Espressif to patch some things on their side so I cannot promise timeline for the fix.

@Alexey_Skvortsov2 is this issue fixable in ESP-SDK 4.2.2?