AzureRTOS/ThreadX MQTTs (mutual TLS)

Hello Guillaume,

Thanks for your reply.
In the meantime i got some progress and i done something like this in the tls_callback.

NX_SECURE_X509_CERT client_cert = { 0 };
UINT tls_setup_callback(NXD_MQTT_CLIENT *client_pt, NX_SECURE_TLS_SESSION *TLS_session_ptr, NX_SECURE_X509_CERT *certificate_ptr,   NX_SECURE_X509_CERT *trusted_certificate_ptr)
{
  UINT ret = NX_SUCCESS;
  NX_PARAMETER_NOT_USED(client_pt);

  /* Initialize TLS module */
  nx_secure_tls_initialize();

  /* Create a TLS session */
  ret = nx_secure_tls_session_create(TLS_session_ptr, &nx_crypto_tls_ciphers,
                                     crypto_metadata_client, sizeof(crypto_metadata_client));
  if (ret != TX_SUCCESS)
  {
    Error_Handler();
  }
  
  /* Need to allocate space for the certificate coming in from the broker. */
  memset((certificate_ptr), 0, sizeof(NX_SECURE_X509_CERT));

  /* Allocate space for packet reassembly. */
  ret = nx_secure_tls_session_packet_buffer_set(TLS_session_ptr, tls_packet_buffer,
                                                sizeof(tls_packet_buffer));
  if (ret != TX_SUCCESS)
  {
    Error_Handler();
  }

  /* allocate space for the certificate coming in from the remote host */
  ret = nx_secure_tls_remote_certificate_allocate(TLS_session_ptr, certificate_ptr,
                                                  tls_packet_buffer, sizeof(tls_packet_buffer));
  if (ret != TX_SUCCESS)
  {
    Error_Handler();
  }
  
  
  /*************************************** CA SECTIOn *****************************************/
  ret = nx_secure_x509_certificate_initialize(trusted_certificate_ptr, (UCHAR*)ca_der,
                                              ca_der_len, NX_NULL, 0, NULL, 0,
                                              NX_SECURE_X509_KEY_TYPE_NONE);
  
  
  if (ret != TX_SUCCESS)
  {
    MQTT_LOG("Certificate issue..\nPlease make sure that your X509_certificate is valid. \n");
    Error_Handler();
  }

  /* Add a CA Certificate to our trusted store */
  ret = nx_secure_tls_trusted_certificate_add(TLS_session_ptr, trusted_certificate_ptr);
  if (ret != TX_SUCCESS)
  {
    MQTT_LOG("Failed to load CA-certificate\n");
    Error_Handler();
  }
  

  /*******************************************************************************************/
  
  
  /************************************ CLIENT CERT SECTION ************************************/
  ret = nx_secure_x509_certificate_initialize(&client_cert, (UCHAR*)default_client_der,
                                              default_client_der_len, NX_NULL, 0, default_client_key_der, default_client_key_der_len,
                                              NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER);
  if (ret != TX_SUCCESS)
  {
    MQTT_LOG("Failed to load client cert / key\n");
    Error_Handler();
  }
  
  
  ret = nx_secure_tls_local_certificate_add(TLS_session_ptr, &client_cert);
  if (ret != TX_SUCCESS)
  {
    Error_Handler();
  }
  
  /************************************************************************************************/
  


  
  


  return ret;
}

Basically i used an external object (declared before the function) and then loaded to the TLS_session_ptr.
Is this what you was saying , or is it more correct to initialize on the certificate_ptr?

Regards

Davide

Great!

Thanks

Davide