Embassy MQTT client: TLS support#175
Merged
Merged
Conversation
Resolves 042 §8.1 option 1: embedded-tls 1.3 over the Embassy TCP socket with rustpki certificate verification, injected TRNG entropy, an SNTP time source, DNS resolution, and broker authentication — plus the gamma wiring and the open questions (CA distribution, record-size negotiation). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… client Implements design 044: mqtts:// broker support behind a new embassy-tls feature. - embedded-tls 1.3 session over the Embassy TCP socket; rustpki (pure Rust, rsa+p384) certificate verification against an app-embedded root CA; SNI + hostname verification from the broker URL (IP-literal mqtts URLs are rejected at build()). - Entropy injected via TlsOptions (&'static mut dyn CryptoRngCore) — the app owns the TRNG; buffers are app-provided statics (D3, D10). - Connector-internal SNTPv4 task (UDP + DNS) backs the TlsClock; the first handshake waits for time sync so validity is always checked (D4, D5). The wire codec is feature-independent and host-tested. - The TLS manager loop is a connector-local port of mountain-mqtt-embassy's run() (which hard-codes a plain TcpSocket); the session speaks a custom Connection impl tracking decrypted plaintext + socket readiness, and re-subscribes inbound routes per session. The plain path is untouched (D6). - with_credentials() feeds MQTT CONNECT on both transports; the fork submodule gains upstream 0.4's ConnectionSettings::with_auth/ authenticated (aimdb-dev/mountain-mqtt@89a7129) (D8). - make check gains the embassy-runtime,embassy-tls,defmt clippy leg. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Added `embassy_tls` feature to enable TLS connections using `embedded-tls`. - Introduced `TlsOptions` for configuring TLS parameters, including read and write buffers. - Updated the MQTT connection logic to handle both plain and TLS connections based on the feature flag. - Implemented SNTP for time synchronization to ensure certificate validity during TLS handshakes. - Enhanced error handling for IP literals in broker URLs, rejecting IPv6 literals and warning for IPv4 literals. - Updated documentation and examples to reflect the new TLS capabilities and usage instructions.
Adds Unreleased entries in the root and aimdb-mqtt-connector changelogs for the embassy-tls feature, with_tls/with_credentials, and the SNTP time source landed in the preceding commits.
… resubscribe The Embassy connector no longer copies mountain-mqtt-embassy's session loop (`State`/`ChannelEventHandler`/`try_action`/`handle_messages`, ~195 lines). It now calls the newly-public upstream `handle_messages`, so the plain and TLS paths share one keep-alive/action-dispatch/event implementation and can't drift. The plain `mqtt://` path switches to `run_with_subscriptions`, which re-subscribes the inbound topics on every connection. Previously it queued subscribe actions once at startup, so subscriptions were silently lost after a reconnect. Bumps the mountain-mqtt submodule to the matching upstream change. Net: -215/+30 in the connector; behaviour on the TLS path is unchanged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Moves the `_external/embassy` pin from `20f6d85e8` (the standalone #6390 poll-methods commit) to the fork's main `217dbc9e1`, which merges that commit onto current upstream. No code change — 217dbc9e1's tree contains the same poll-method additions; this just points the pin at the fork's main line so the branch tracks main instead of a feature commit. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Re-pins `_external/embassy` to d60764b5 — the aimdb-dev/embassy fork main merged up to current embassy-rs upstream (124 commits) with the #6390 public poll_next_message / poll_changed carry retained. Verified compiling on thumbv7em-none-eabihf: embassy-adapter, mqtt-connector (embassy-tls), demo binary. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
mqtts://) to the Embassy MQTT connector behind a newembassy-tlsfeature: anembedded-tls1.3 session over the Embassy TCP socket, pure-Rustrustpkicertificate verification (rsa+p384), and SNI/hostname verification from the broker URL. IPv6 broker literals are rejected atbuild(); IPv4 literals get adefmtwarning.MqttConnectorBuilder::with_tls(TlsOptions)(entropy, static record buffers, SNTP server) andwith_credentials(username, password)(MQTT CONNECT auth, both transports); bumps theaimdb-dev/mountain-mqttfork submodule for upstream'swith_auth/authenticated.embassy-mqtt-connector-demoexample with atlsfeature and README walkthrough against the repo'sdev/mosquittobench broker; bumps demo heap size and fixesflash.sh's binary path (debug → release)..cargo/audit.toml/deny.tomladvisory ignores forembedded-tls'srsatransitive advisory, removes now-unused deps fromCargo.lock/deny.toml, and adds adebug = 2release profile so probe-rs/defmt can resolve file:line on release embedded builds.aimdb-mqtt-connectorchangelogs.The plain
mqtt://path is untouched; hardware verification against a real broker (EMQX) is still open per design 044's status line.Test plan
make check(newembassy-runtime,embassy-tls,defmtclippy leg included)mqtts://run againstdev/mosquittobench broker on hardware🤖 Generated with Claude Code