diff --git a/include/net/mqtt.h b/include/net/mqtt.h index 8105b638747..997c2eba4b7 100644 --- a/include/net/mqtt.h +++ b/include/net/mqtt.h @@ -71,6 +71,28 @@ struct mqtt_ctx { char *peer_addr_str; u16_t peer_port; +#if defined(CONFIG_MQTT_LIB_TLS) + /** TLS parameters */ + u8_t *request_buf; + size_t request_buf_len; + u8_t *personalization_data; + size_t personalization_data_len; + char *cert_host; + + /** TLS thread parameters */ + struct k_mem_pool *tls_mem_pool; + u8_t *tls_stack; + size_t tls_stack_size; + + /** TLS callback */ + net_app_ca_cert_cb_t cert_cb; + net_app_entropy_src_cb_t entropy_src_cb; + + /** TLS handshake */ + struct k_sem tls_hs_wait; + s32_t tls_hs_timeout; +#endif + /** Callback executed when a MQTT CONNACK msg is received and validated. * If this function pointer is not used, must be set to NULL. */ diff --git a/samples/net/mqtt_publisher/prj_frdm_k64f_tls.conf b/samples/net/mqtt_publisher/prj_frdm_k64f_tls.conf new file mode 100644 index 00000000000..b76843f6d24 --- /dev/null +++ b/samples/net/mqtt_publisher/prj_frdm_k64f_tls.conf @@ -0,0 +1,44 @@ +CONFIG_NETWORKING=y +CONFIG_NET_TCP=y +CONFIG_RANDOM_GENERATOR=y +CONFIG_NET_ARP=y +CONFIG_NET_L2_ETHERNET=y +CONFIG_NET_LOG=y +CONFIG_INIT_STACKS=y + +CONFIG_NET_PKT_RX_COUNT=16 +CONFIG_NET_PKT_TX_COUNT=16 +CONFIG_NET_BUF_RX_COUNT=16 +CONFIG_NET_BUF_TX_COUNT=16 + +CONFIG_NET_IPV6_RA_RDNSS=y +CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=3 + +CONFIG_PRINTK=y +#CONFIG_NET_DEBUG_NET_PKT=y + +CONFIG_NET_IPV4=n +# Enable IPv6 support +CONFIG_NET_IPV6=y + +# Enable the MQTT Lib +CONFIG_MQTT_LIB=y +CONFIG_MQTT_LIB_TLS=y + +CONFIG_NET_APP_SETTINGS=y +CONFIG_NET_APP_MY_IPV6_ADDR="2001:db8::1" +CONFIG_NET_APP_PEER_IPV6_ADDR="2001:db8::2" + +CONFIG_NET_APP_MY_IPV4_ADDR="192.168.1.101" +CONFIG_NET_APP_PEER_IPV4_ADDR="192.168.1.10" + +CONFIG_MAIN_STACK_SIZE=2048 + +# For IPv6 +CONFIG_NET_BUF_DATA_SIZE=256 + +CONFIG_MBEDTLS=y +CONFIG_MBEDTLS_BUILTIN=y +CONFIG_MBEDTLS_ENABLE_HEAP=y +CONFIG_MBEDTLS_HEAP_SIZE=30000 +CONFIG_MBEDTLS_CFG_FILE="config-mini-tls1_2.h" diff --git a/samples/net/mqtt_publisher/src/config.h b/samples/net/mqtt_publisher/src/config.h index 2bfa295732e..b46ee6d1bdd 100644 --- a/samples/net/mqtt_publisher/src/config.h +++ b/samples/net/mqtt_publisher/src/config.h @@ -25,7 +25,11 @@ #endif #endif +#ifdef CONFIG_MQTT_LIB_TLS +#define SERVER_PORT 8883 +#else #define SERVER_PORT 1883 +#endif #define APP_SLEEP_MSECS 500 #define APP_TX_RX_TIMEOUT 300 diff --git a/samples/net/mqtt_publisher/src/main.c b/samples/net/mqtt_publisher/src/main.c index c85d643a469..363b08f3704 100644 --- a/samples/net/mqtt_publisher/src/main.c +++ b/samples/net/mqtt_publisher/src/main.c @@ -67,6 +67,64 @@ static struct mqtt_client_ctx client_ctx; /* This routine sets some basic properties for the network context variable */ static int network_setup(void); +#if defined(CONFIG_MQTT_LIB_TLS) + +#include "test_certs.h" + +/* TLS */ +#define TLS_SNI_HOSTNAME "localhost" +#define TLS_REQUEST_BUF_SIZE 1500 +#define TLS_PRIVATE_DATA "Zephyr TLS mqtt publisher" + +static u8_t tls_request_buf[TLS_REQUEST_BUF_SIZE]; + +NET_STACK_DEFINE("mqtt_tls_stack", tls_stack, + CONFIG_NET_APP_TLS_STACK_SIZE, CONFIG_NET_APP_TLS_STACK_SIZE); + +NET_APP_TLS_POOL_DEFINE(tls_mem_pool, 30); + +int setup_cert(struct net_app_ctx *ctx, void *cert) +{ +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) + mbedtls_ssl_conf_psk(&ctx->tls.mbedtls.conf, + client_psk, sizeof(client_psk), + (const unsigned char *)client_psk_id, + sizeof(client_psk_id) - 1); +#endif + +#if defined(MBEDTLS_X509_CRT_PARSE_C) + { + mbedtls_x509_crt *ca_cert = cert; + int ret; + + ret = mbedtls_x509_crt_parse_der(ca_cert, + ca_certificate, + sizeof(ca_certificate)); + if (ret != 0) { + NET_ERR("mbedtls_x509_crt_parse_der failed " + "(-0x%x)", -ret); + return ret; + } + + /* mbedtls_x509_crt_verify() should be called to verify the + * cerificate in the real cases + */ + + mbedtls_ssl_conf_ca_chain(&ctx->tls.mbedtls.conf, + ca_cert, NULL); + + mbedtls_ssl_conf_authmode(&ctx->tls.mbedtls.conf, + MBEDTLS_SSL_VERIFY_REQUIRED); + + mbedtls_ssl_conf_cert_profile(&ctx->tls.mbedtls.conf, + &mbedtls_x509_crt_profile_default); + } +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + return 0; +} +#endif + /* The signature of this routine must match the connect callback declared at * the mqtt.h header. */ @@ -254,6 +312,20 @@ static void publisher(void) client_ctx.mqtt_ctx.peer_addr_str = SERVER_ADDR; client_ctx.mqtt_ctx.peer_port = SERVER_PORT; +#if defined(CONFIG_MQTT_LIB_TLS) + /** TLS setup */ + client_ctx.mqtt_ctx.request_buf = tls_request_buf; + client_ctx.mqtt_ctx.request_buf_len = TLS_REQUEST_BUF_SIZE; + client_ctx.mqtt_ctx.personalization_data = TLS_PRIVATE_DATA; + client_ctx.mqtt_ctx.personalization_data_len = strlen(TLS_PRIVATE_DATA); + client_ctx.mqtt_ctx.cert_host = TLS_SNI_HOSTNAME; + client_ctx.mqtt_ctx.tls_mem_pool = &tls_mem_pool; + client_ctx.mqtt_ctx.tls_stack = tls_stack; + client_ctx.mqtt_ctx.tls_stack_size = K_THREAD_STACK_SIZEOF(tls_stack); + client_ctx.mqtt_ctx.cert_cb = setup_cert; + client_ctx.mqtt_ctx.entropy_src_cb = NULL; +#endif + /* Publisher apps TX the MQTT PUBLISH msg */ client_ctx.mqtt_ctx.publish_tx = publish_cb; diff --git a/samples/net/mqtt_publisher/src/test_certs.h b/samples/net/mqtt_publisher/src/test_certs.h new file mode 100644 index 00000000000..2bab1cab737 --- /dev/null +++ b/samples/net/mqtt_publisher/src/test_certs.h @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2016 Intel Corporation + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#ifndef __TEST_CERTS_H__ +#define __TEST_CERTS_H__ + +#if defined(MBEDTLS_X509_CRT_PARSE_C) +/* This byte array can be generated by + * "cat ca.crt | sed -e '1d;$d' | base64 -d |xxd -i" + */ +static const unsigned char ca_certificate[] = { + 0x30, 0x82, 0x03, 0xa7, 0x30, 0x82, 0x02, 0x8f, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0x83, 0x1f, 0x4e, 0x75, 0xe9, 0x25, 0x06, 0x14, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x30, 0x6a, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0e, 0x41, 0x6e, 0x20, 0x4d, 0x51, 0x54, 0x54, 0x20, + 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x4f, 0x77, 0x6e, 0x54, 0x72, 0x61, 0x63, + 0x6b, 0x73, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, + 0x65, 0x2d, 0x43, 0x41, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x6e, 0x6f, 0x62, + 0x6f, 0x64, 0x79, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x6e, 0x65, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x37, 0x31, + 0x32, 0x31, 0x30, 0x32, 0x39, 0x35, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x32, + 0x30, 0x37, 0x30, 0x38, 0x31, 0x30, 0x32, 0x39, 0x35, 0x30, 0x5a, 0x30, + 0x6a, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, + 0x41, 0x6e, 0x20, 0x4d, 0x51, 0x54, 0x54, 0x20, 0x62, 0x72, 0x6f, 0x6b, + 0x65, 0x72, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0d, 0x4f, 0x77, 0x6e, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x73, 0x2e, 0x6f, + 0x72, 0x67, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x2d, 0x43, 0x41, + 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x12, 0x6e, 0x6f, 0x62, 0x6f, 0x64, 0x79, 0x40, + 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, + 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdf, 0x1f, 0x0b, 0x10, + 0x56, 0xdd, 0xfd, 0xf4, 0x14, 0xef, 0x6c, 0x95, 0x5e, 0x40, 0x46, 0x29, + 0x3a, 0x29, 0xda, 0x04, 0x34, 0x2c, 0xf2, 0xec, 0x2c, 0xb1, 0x6d, 0x80, + 0xc3, 0x69, 0x12, 0xdb, 0xbf, 0x62, 0x4c, 0x9c, 0xfe, 0x11, 0xe9, 0x48, + 0x64, 0x46, 0x31, 0xce, 0xc9, 0x2c, 0x8e, 0xa7, 0x05, 0xbc, 0xde, 0x68, + 0xad, 0x8f, 0xc8, 0x3c, 0xc7, 0x0c, 0x4c, 0xc8, 0x4a, 0x7e, 0xb2, 0x1d, + 0x54, 0x75, 0x6f, 0x66, 0xa1, 0x6b, 0x39, 0x7c, 0x59, 0xc9, 0x61, 0xb2, + 0x95, 0xc2, 0x35, 0x74, 0x5d, 0x4a, 0xe1, 0xe1, 0x27, 0x54, 0xc3, 0xf4, + 0x50, 0xcb, 0xd7, 0x81, 0xf8, 0x55, 0x46, 0xf4, 0xb7, 0x60, 0xfc, 0x4b, + 0xf8, 0x74, 0x42, 0xb8, 0xfb, 0xdc, 0x10, 0xba, 0x08, 0xcb, 0xe0, 0x40, + 0x3d, 0x6b, 0x8f, 0x19, 0xc3, 0x8b, 0xeb, 0xef, 0x99, 0x1f, 0x8b, 0xa9, + 0x23, 0x1c, 0xbf, 0x9b, 0xed, 0xbc, 0x7b, 0xbc, 0x1b, 0x9d, 0x89, 0x51, + 0xa9, 0xa1, 0x0b, 0xae, 0x1c, 0x92, 0x54, 0x8e, 0x19, 0x04, 0x92, 0xf9, + 0x6a, 0x17, 0xa4, 0x70, 0x70, 0xb8, 0x65, 0xe8, 0xb2, 0xe4, 0x3a, 0x90, + 0x5a, 0x4e, 0x05, 0xe2, 0x8d, 0x4e, 0xdc, 0x34, 0x40, 0xb9, 0x1c, 0x88, + 0x59, 0xae, 0x3f, 0xc7, 0x75, 0x1d, 0x5e, 0x63, 0x2e, 0x4d, 0x18, 0x49, + 0x5a, 0x3e, 0x1c, 0x54, 0xbe, 0xc7, 0xfb, 0xbc, 0x34, 0x11, 0xab, 0x0c, + 0xad, 0x88, 0xc2, 0xdb, 0xff, 0xfb, 0x66, 0x25, 0xa3, 0xec, 0x2a, 0xbc, + 0x0d, 0x71, 0x63, 0x8f, 0x56, 0xdb, 0xba, 0xc9, 0x7d, 0x27, 0xbb, 0x0d, + 0x12, 0x48, 0x33, 0x34, 0x1f, 0xcc, 0x05, 0x9f, 0xfe, 0xff, 0xb9, 0x08, + 0xab, 0xbc, 0x47, 0x6b, 0xcd, 0x33, 0x51, 0xd9, 0x02, 0xc5, 0x40, 0xe8, + 0x22, 0x37, 0xc7, 0x5e, 0xe7, 0x22, 0x09, 0xe6, 0xd0, 0x12, 0x6a, 0xbd, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x09, 0x39, 0x8e, 0x88, + 0x53, 0x55, 0x87, 0xb9, 0x98, 0x88, 0x80, 0x23, 0xaf, 0x21, 0x4b, 0xb1, + 0x6c, 0xee, 0xa3, 0x22, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0x09, 0x39, 0x8e, 0x88, 0x53, 0x55, 0x87, + 0xb9, 0x98, 0x88, 0x80, 0x23, 0xaf, 0x21, 0x4b, 0xb1, 0x6c, 0xee, 0xa3, + 0x22, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xd1, + 0xcb, 0x8c, 0x13, 0xf7, 0xa9, 0x1a, 0xec, 0x81, 0x9b, 0xe6, 0x24, 0x79, + 0x76, 0x0b, 0xd6, 0x1c, 0x58, 0x7d, 0x5b, 0x2f, 0xa8, 0x13, 0x05, 0xc3, + 0xce, 0x7c, 0x59, 0x58, 0xe4, 0xdb, 0x62, 0x10, 0x63, 0xc1, 0xf2, 0x71, + 0x7c, 0x73, 0x21, 0xff, 0xaa, 0x40, 0x99, 0x3b, 0x93, 0x6b, 0x5f, 0x4e, + 0xa3, 0x18, 0xb6, 0x27, 0xd6, 0xc6, 0xdf, 0x38, 0xf1, 0x55, 0xdd, 0x54, + 0x67, 0x34, 0x84, 0x91, 0xa5, 0x45, 0x77, 0xcc, 0x24, 0x9c, 0x2c, 0x72, + 0x74, 0xa1, 0x16, 0x64, 0x18, 0xb9, 0x5f, 0xbc, 0x66, 0x52, 0xad, 0x3e, + 0xba, 0xbb, 0x53, 0x1d, 0x60, 0x2f, 0x09, 0x8f, 0x89, 0x3f, 0xdf, 0xef, + 0xee, 0xa7, 0xea, 0xdc, 0x3e, 0xfe, 0x03, 0xa5, 0x08, 0x00, 0x53, 0x31, + 0xb3, 0x77, 0x41, 0x4a, 0x4c, 0x0a, 0x28, 0x56, 0xd1, 0xa5, 0x25, 0x16, + 0xa1, 0x37, 0x72, 0x3f, 0xd9, 0x17, 0xfb, 0xc4, 0xb6, 0xf8, 0x8b, 0x2d, + 0x73, 0xb6, 0xe2, 0x0e, 0xc7, 0xe1, 0xaf, 0xec, 0xac, 0x40, 0x1a, 0x97, + 0x5d, 0x76, 0x68, 0x3e, 0x87, 0x17, 0x1a, 0xeb, 0x0f, 0x0c, 0x64, 0x1d, + 0xce, 0x64, 0xc0, 0x3d, 0x0f, 0x10, 0xba, 0x85, 0x6b, 0x28, 0x41, 0xee, + 0x60, 0x23, 0xcc, 0xf9, 0x54, 0x9c, 0xa3, 0x27, 0x88, 0xc7, 0x1b, 0xb3, + 0x8c, 0x57, 0x86, 0xcd, 0xb8, 0x77, 0x2a, 0x95, 0xaa, 0xa6, 0x0e, 0xb6, + 0x7e, 0x7e, 0xa0, 0x9f, 0xca, 0x87, 0xb4, 0x3f, 0xf5, 0xcf, 0xb4, 0xd4, + 0x3f, 0xee, 0xdd, 0x57, 0x61, 0x20, 0xfc, 0x48, 0xa4, 0x69, 0x74, 0xbc, + 0x3b, 0xbd, 0x02, 0x61, 0x95, 0xee, 0x27, 0x9f, 0x20, 0x3b, 0xfd, 0x3f, + 0xa7, 0x36, 0x47, 0xb5, 0x17, 0x98, 0x25, 0x62, 0x6d, 0x40, 0x44, 0x6e, + 0x8e, 0x7e, 0x96, 0x7d, 0x15, 0x09, 0x9b, 0x2e, 0x89, 0x8d, 0xbe, 0xea, + 0x5a, 0x6c, 0xb5 +}; +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +/* Avoid leading zero in psk because there's a potential issue of mosquitto + * that leading zero of psk will be skipped and it leads to TLS handshake + * failure + */ +const unsigned char client_psk[] = { + 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +}; + +const char client_psk_id[] = "Client_identity"; +#endif + +#endif diff --git a/subsys/net/lib/mqtt/Kconfig b/subsys/net/lib/mqtt/Kconfig index a5fc60f17ca..2d527b21850 100644 --- a/subsys/net/lib/mqtt/Kconfig +++ b/subsys/net/lib/mqtt/Kconfig @@ -42,3 +42,12 @@ config MQTT_SUBSCRIBE_MAX_TOPICS help Set the maximum number of topics handled by the SUBSCRIBE/SUBACK messages during reception. + +config MQTT_LIB_TLS + bool + prompt "Enable TLS support for the MQTT application" + depends on MQTT_LIB + default n + select NET_APP_TLS + help + Enables MQTT library with TLS support diff --git a/subsys/net/lib/mqtt/mqtt.c b/subsys/net/lib/mqtt/mqtt.c index 5f960e09101..3fe328d851f 100644 --- a/subsys/net/lib/mqtt/mqtt.c +++ b/subsys/net/lib/mqtt/mqtt.c @@ -24,6 +24,10 @@ NET_BUF_POOL_DEFINE(mqtt_msg_pool, MQTT_BUF_CTR, MSG_SIZE, 0, NULL); #define MQTT_PUBLISHER_MIN_MSG_SIZE 2 +#if defined(CONFIG_MQTT_LIB_TLS) +#define TLS_HS_DEFAULT_TIMEOUT 3000 +#endif + int mqtt_tx_connect(struct mqtt_ctx *ctx, struct mqtt_connect_msg *msg) { struct net_buf *data = NULL; @@ -758,12 +762,29 @@ int mqtt_parser(struct mqtt_ctx *ctx, struct net_pkt *rx) } static -void mqtt_recv(struct net_app_ctx *ctx, struct net_pkt *pkt, int status, +void app_connected(struct net_app_ctx *ctx, int status, void *data) +{ + struct mqtt_ctx *mqtt = (struct mqtt_ctx *)data; + + /* net_app_ctx is already referenced to by the mqtt_ctx struct */ + ARG_UNUSED(ctx); + + if (!mqtt) { + return; + } + +#if defined(CONFIG_MQTT_LIB_TLS) + k_sem_give(&mqtt->tls_hs_wait); +#endif +} + +static +void app_recv(struct net_app_ctx *ctx, struct net_pkt *pkt, int status, void *data) { struct mqtt_ctx *mqtt = (struct mqtt_ctx *)data; - /* net_ctx is already referenced to by the mqtt_ctx struct */ + /* net_app_ctx is already referenced to by the mqtt_ctx struct */ ARG_UNUSED(ctx); if (status || !pkt) { @@ -800,19 +821,44 @@ int mqtt_connect(struct mqtt_ctx *ctx) } rc = net_app_set_cb(&ctx->net_app_ctx, - NULL, - mqtt_recv, + app_connected, + app_recv, NULL, NULL); if (rc < 0) { goto error_connect; } +#if defined(CONFIG_MQTT_LIB_TLS) + rc = net_app_client_tls(&ctx->net_app_ctx, + ctx->request_buf, + ctx->request_buf_len, + ctx->personalization_data, + ctx->personalization_data_len, + ctx->cert_cb, + ctx->cert_host, + ctx->entropy_src_cb, + ctx->tls_mem_pool, + ctx->tls_stack, + ctx->tls_stack_size); + if (rc < 0) { + goto error_connect; + } +#endif + rc = net_app_connect(&ctx->net_app_ctx, ctx->net_timeout); if (rc < 0) { goto error_connect; } +#if defined(CONFIG_MQTT_LIB_TLS) + /* TLS handshake is not finished until app_connected is called */ + rc = k_sem_take(&ctx->tls_hs_wait, ctx->tls_hs_timeout); + if (rc < 0) { + goto error_connect; + } +#endif + return rc; error_connect: @@ -832,6 +878,14 @@ int mqtt_init(struct mqtt_ctx *ctx, enum mqtt_app app_type) ctx->app_type = app_type; ctx->rcv = mqtt_parser; +#if defined(CONFIG_MQTT_LIB_TLS) + if (ctx->tls_hs_timeout == 0) { + ctx->tls_hs_timeout = TLS_HS_DEFAULT_TIMEOUT; + } + + k_sem_init(&ctx->tls_hs_wait, 0, 1); +#endif + return 0; }