Skip to content

Embassy MQTT client: TLS support#175

Merged
lxsaah merged 12 commits into
mainfrom
feat/embassy-mqtt-tls-connector
Jul 11, 2026
Merged

Embassy MQTT client: TLS support#175
lxsaah merged 12 commits into
mainfrom
feat/embassy-mqtt-tls-connector

Conversation

@lxsaah

@lxsaah lxsaah commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds TLS (mqtts://) to the Embassy MQTT connector behind a new embassy-tls feature: an embedded-tls 1.3 session over the Embassy TCP socket, pure-Rust rustpki certificate verification (rsa + p384), and SNI/hostname verification from the broker URL. IPv6 broker literals are rejected at build(); IPv4 literals get a defmt warning.
  • Adds a connector-internal SNTP (UDP) time source that gates the first TLS handshake on a successful time sync, so certificate validity is always checked.
  • Adds MqttConnectorBuilder::with_tls(TlsOptions) (entropy, static record buffers, SNTP server) and with_credentials(username, password) (MQTT CONNECT auth, both transports); bumps the aimdb-dev/mountain-mqtt fork submodule for upstream's with_auth/authenticated.
  • Resolves design 042 §8.1's open TLS question for the Embassy client (design doc 044 added).
  • Updates the embassy-mqtt-connector-demo example with a tls feature and README walkthrough against the repo's dev/mosquitto bench broker; bumps demo heap size and fixes flash.sh's binary path (debug → release).
  • Housekeeping: .cargo/audit.toml / deny.toml advisory ignores for embedded-tls's rsa transitive advisory, removes now-unused deps from Cargo.lock/deny.toml, and adds a debug = 2 release profile so probe-rs/defmt can resolve file:line on release embedded builds.
  • Records the changes in the root and aimdb-mqtt-connector changelogs.

The plain mqtt:// path is untouched; hardware verification against a real broker (EMQX) is still open per design 044's status line.

Test plan

  • make check (new embassy-runtime,embassy-tls,defmt clippy leg included)
  • Manual mqtts:// run against dev/mosquitto bench broker on hardware
  • Bench verification against real EMQX (tracked as follow-up)

🤖 Generated with Claude Code

lxsaah and others added 8 commits July 10, 2026 21:59
Resolves 042 §8.1 option 1: embedded-tls 1.3 over the Embassy TCP socket
with rustpki certificate verification, injected TRNG entropy, an SNTP time
source, DNS resolution, and broker authentication — plus the gamma wiring
and the open questions (CA distribution, record-size negotiation).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… client

Implements design 044: mqtts:// broker support behind a new embassy-tls
feature.

- embedded-tls 1.3 session over the Embassy TCP socket; rustpki (pure
  Rust, rsa+p384) certificate verification against an app-embedded root
  CA; SNI + hostname verification from the broker URL (IP-literal mqtts
  URLs are rejected at build()).
- Entropy injected via TlsOptions (&'static mut dyn CryptoRngCore) — the
  app owns the TRNG; buffers are app-provided statics (D3, D10).
- Connector-internal SNTPv4 task (UDP + DNS) backs the TlsClock; the
  first handshake waits for time sync so validity is always checked (D4,
  D5). The wire codec is feature-independent and host-tested.
- The TLS manager loop is a connector-local port of
  mountain-mqtt-embassy's run() (which hard-codes a plain TcpSocket);
  the session speaks a custom Connection impl tracking decrypted
  plaintext + socket readiness, and re-subscribes inbound routes per
  session. The plain path is untouched (D6).
- with_credentials() feeds MQTT CONNECT on both transports; the fork
  submodule gains upstream 0.4's ConnectionSettings::with_auth/
  authenticated (aimdb-dev/mountain-mqtt@89a7129) (D8).
- make check gains the embassy-runtime,embassy-tls,defmt clippy leg.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Added `embassy_tls` feature to enable TLS connections using `embedded-tls`.
- Introduced `TlsOptions` for configuring TLS parameters, including read and write buffers.
- Updated the MQTT connection logic to handle both plain and TLS connections based on the feature flag.
- Implemented SNTP for time synchronization to ensure certificate validity during TLS handshakes.
- Enhanced error handling for IP literals in broker URLs, rejecting IPv6 literals and warning for IPv4 literals.
- Updated documentation and examples to reflect the new TLS capabilities and usage instructions.
Adds Unreleased entries in the root and aimdb-mqtt-connector changelogs
for the embassy-tls feature, with_tls/with_credentials, and the SNTP
time source landed in the preceding commits.
@lxsaah lxsaah changed the title Embassy MQTT client: TLS support (design 044, WP7) Embassy MQTT client: TLS support Jul 11, 2026
test and others added 4 commits July 11, 2026 19:47
… resubscribe

The Embassy connector no longer copies mountain-mqtt-embassy's session loop
(`State`/`ChannelEventHandler`/`try_action`/`handle_messages`, ~195 lines). It
now calls the newly-public upstream `handle_messages`, so the plain and TLS
paths share one keep-alive/action-dispatch/event implementation and can't drift.

The plain `mqtt://` path switches to `run_with_subscriptions`, which
re-subscribes the inbound topics on every connection. Previously it queued
subscribe actions once at startup, so subscriptions were silently lost after a
reconnect. Bumps the mountain-mqtt submodule to the matching upstream change.

Net: -215/+30 in the connector; behaviour on the TLS path is unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Moves the `_external/embassy` pin from `20f6d85e8` (the standalone #6390
poll-methods commit) to the fork's main `217dbc9e1`, which merges that commit
onto current upstream. No code change — 217dbc9e1's tree contains the same
poll-method additions; this just points the pin at the fork's main line so the
branch tracks main instead of a feature commit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Re-pins `_external/embassy` to d60764b5 — the aimdb-dev/embassy fork main merged
up to current embassy-rs upstream (124 commits) with the #6390 public
poll_next_message / poll_changed carry retained. Verified compiling on
thumbv7em-none-eabihf: embassy-adapter, mqtt-connector (embassy-tls), demo binary.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@lxsaah lxsaah merged commit efdb3c6 into main Jul 11, 2026
10 checks passed
@lxsaah lxsaah deleted the feat/embassy-mqtt-tls-connector branch July 11, 2026 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant