
LwIP MQTT TLS Connection Issue with Azure IoT Hub (Port 8883)

Noushadalik
Associate III


HELLO,

I am working with the LwIP MQTT client (STM32F407) and trying to connect securely to Azure IoT Hub on port 8883. I have enabled secure TLS connections by defining LWIP_ALTCP and LWIP_ALTCP_TLS. However, I am facing a connection reset issue:

mqtt_parse_incoming: Remaining length after fixed header: 3
mqtt_parse_incoming: msg_idx: 5, cpy_len: 3, remaining 0
mqtt_tcp_err_cb: TCP error callback: error -15, arg: 0x20004d2c
MQTT: mqtt_connection_cb: Disconnected, reason: 256

code snippet:

 

/* Broker endpoint. The address is an IPv4 literal (partly masked in this
 * post); nothing in this listing supplies the hub's DNS name.
 * NOTE(review): a server certificate is normally issued for the hostname,
 * not the IP - confirm how the TLS layer is given the name to verify. */
#define MQTT_HOST_IP    "13.xx.74.xxx"
#define MQTT_HOST_PORT   8883
/* MQTT user name; the visible (masked) value has the shape
 * <hub host>/<device id>/?api-version=<version>. */
#define MQTT_USERNAME   "xxxxxetestnewhub.azxxxxxxxx/config_test_99/?api-version=2021-04-12"  // If required
/* MQTT password: a SharedAccessSignature token with sr= (resource),
 * sig= (signature) and se= fields. se= looks like an expiry in Unix-epoch
 * seconds - presumably the hub rejects the token after that time; verify.
 * NOTE(review): a token compiled into the image can be read by anyone who
 * can read the firmware or the source tree, and replacing it means
 * rebuilding. Consider deriving it at run time from a device key kept in
 * protected storage, and keep real tokens out of posts and repositories. */
#define MQTT_PASSWORD   "SharedAccessSignature sr=xxxxtestnewhub.azure-devices.net%2Fdevices%2Fconfig_test_99&sig=SawDwVxxxxxxxxxxxxGUHDtuqxaiE%3D&se=1734452908"  // If required
/* Trust anchor in PEM form, passed to altcp_tls_create_config_client()
 * below together with sizeof(azure_root_ca), i.e. including the
 * terminating NUL. The two comma-only lines stand for base64 lines the
 * poster elided; as shown, the initializer is not valid C. */
const char azure_root_ca[] = "-----BEGIN CERTIFICATE-----\r\n"
		"MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh\r\n"
		,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
          ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
		"8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe\r\n"
		"pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl\r\n"
		"MrY=\r\n"
		"-----END CERTIFICATE-----\r\n";
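/**
 * Create the MQTT client, build a TLS client configuration from
 * azure_root_ca, and try to connect to MQTT_HOST_IP:MQTT_HOST_PORT, retrying
 * a bounded number of times.
 *
 * On success the callbacks are installed, the topic is subscribed, a test
 * message is published, and the client and TLS configuration are left alive
 * because the open connection keeps using them. On failure everything
 * allocated here is released and mqttclient is reset to NULL.
 *
 * Changes from the posted version:
 *  - the client is no longer freed right after a successful connect, which
 *    left the live connection pointing at freed memory;
 *  - the client is released when the TLS configuration cannot be created,
 *    and the TLS configuration is released when connecting fails;
 *  - the retry loop ends once mqttConnected is set instead of spinning
 *    forever without counting attempts;
 *  - a timed-out attempt is torn down before retrying on the same client.
 *
 * NOTE(review): mqttConnected is assumed to be false on entry and to be set
 * by mqtt_connection_cb - confirm against the callback.
 * NOTE(review): the mqtt_ and altcp_ calls are lwIP raw-API calls, and this
 * function sleeps with osDelay(), so it presumably runs in an RTOS task.
 * Confirm the calls are made with the TCP/IP core lock held or are handed to
 * the tcpip thread, as the port's lwipopts require.
 * NOTE(review): the broker is addressed by IP literal and no server hostname
 * is supplied in this block, so nothing visible here lets the TLS layer
 * match the certificate against the hub's name or send SNI - confirm how
 * the port handles this, since a chain check alone accepts any server
 * holding a certificate under the same root.
 */
void ConnectionManager() {
    enum {
        MAX_CONNECT_ATTEMPTS = 5,
        CONNECT_WAIT_MS      = 60000,  /* 60 s; the old comment said 15 s */
        CONNECT_POLL_MS      = 100
    };
    err_t err;
    uint8_t retryCount = 0;
    struct altcp_tls_config *tls_config;

    mqttclient = mqtt_client_new();
    if (mqttclient == NULL) {
        printf("Error: Could not create MQTT client\r\n");
        return;
    }

    //generateRandomCharacters(clientId, 16);
    strncpy(clientId, "config_test_99", sizeof(clientId) - 1);
    clientId[sizeof(clientId) - 1] = '\0';  // strncpy does not guarantee termination
    printf("MQTT Client ID: %s\r\n", clientId);

    //mbedtls_debug_set_threshold(4);     // mbedtls debug purpose
    /* sizeof, not strlen: the length handed to the TLS layer includes the
     * terminating NUL of the PEM text. */
    tls_config = altcp_tls_create_config_client((const u8_t *)azure_root_ca,
                                                sizeof(azure_root_ca));
    if (tls_config == NULL) {
        printf("Failed to create TLS configuration.\n");
        /* Do not leak the client allocated above. */
        mqtt_client_free(mqttclient);
        mqttclient = NULL;
        return;
    }
    printf("TLS configuration created successfully.\r\n");

    memset(&mqttclientInfo, 0, sizeof(mqttclientInfo));
    mqttclientInfo.keep_alive = 60;
    mqttclientInfo.client_id = clientId;
    mqttclientInfo.client_user = MQTT_USERNAME;
    mqttclientInfo.client_pass = MQTT_PASSWORD;
    mqttclientInfo.tls_config = tls_config;

    /* NOTE(review): ipaddr_addr() has a failure return value; the masked
     * placeholder in MQTT_HOST_IP is not a parseable address, so check the
     * result once a real address is configured. */
    broker_ipaddr.addr = ipaddr_addr(MQTT_HOST_IP);
    printf("MQTT: connecting to %s\r\n", ipaddr_ntoa(((const ip_addr_t *)&broker_ipaddr)));

    while (retryCount < MAX_CONNECT_ATTEMPTS && !mqttConnected) {
        printf("MQTT: Attempting to connect to broker...\r\n");
        err = mqtt_client_connect(mqttclient, &broker_ipaddr, MQTT_HOST_PORT,
                                  mqtt_connection_cb, NULL, &mqttclientInfo);

        if (err != ERR_OK) {
            printf("MQTT: Connection initiation failed (err: %d). Retrying...\r\n", err);
            retryCount++;
            osDelay(5000); // Wait before retrying
        } else {
            printf("MQTT: Connection initiated. Waiting for callback...\r\n");
            /* Poll the flag until the callback reports a connection or the
             * wait budget is used up. */
            uint32_t waitTime = 0;
            while (waitTime < CONNECT_WAIT_MS && !mqttConnected) {
                osDelay(CONNECT_POLL_MS);
                waitTime += CONNECT_POLL_MS;
            }
            if (mqttConnected) {
                break;
            }
            printf("MQTT: Connection attempt timed out. Retrying...\r\n");
            /* Tear down the half-open attempt so the next connect call does
             * not find the client still marked as connecting. */
            mqtt_disconnect(mqttclient);
            retryCount++;
        }

        osDelay(1000); // Small delay between retries
    }

    if (mqttConnected) {
        printf("MQTT: Successfully connected to broker.\r\n");
        // Set the incoming message callbacks
        mqtt_set_inpub_callback(mqttclient, mqtt_incoming_publish_cb, mqtt_incoming_data_cb, NULL);
        // Subscribe to a topic
        mqtt_subscribe_to_topic(mqttclient);
        // Publish a test message
        mqtt_publish_message(mqttclient);
        /* Keep mqttclient and tls_config: the open connection uses both. */
        return;
    }

    printf("MQTT: Failed to connect after %d attempts.\r\n", retryCount);

    /* Failure: close anything still pending, then release the client before
     * the TLS configuration it referred to. */
    mqtt_disconnect(mqttclient);
    mqtt_client_free(mqttclient);
    mqttclient = NULL;
    mqttclientInfo.tls_config = NULL;
    altcp_tls_free_config(tls_config);
}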

 



Queries for Connecting LWIP MQTT to Azure IoT Hub:

  • Can I successfully connect to Azure IoT Hub using LwIP's MQTT implementation?
  • Azure IoT Hub requires MQTT 3.1.1 and TLS 1.2. Does LwIP's MQTT stack with LWIP_ALTCP_TLS fully support these requirements?
  • When connecting to Azure IoT Hub over the secure port 8883, I frequently encounter a TCP reset (ERR_RST). Could this be due to:
    • Incorrect root CA (DigiCert Global Root G2)?
    • TLS handshake failure?
    • LwIP configuration issues?

    Below are the detailed logs:





 

 

1 REPLY 1
Noushadalik
Associate III

Hello,
Any update today?