    Marcus Hoffmann
    @hoffmann-m
    @rojer Since Friday all our gateways that were connected to GCP via mqtt.googleapis.com are offline! Some devices connected via mqtt.2030.ltsapis.goog are still online. The log output for mqtt.googleapis.com: The certificate is not correctly signed by the trusted CA. We are running Mongoose OS 2.18.0. The GlobalSign R2 CA should not expire before 2021-12-15. Do you hear or know something about this issue? Are some Google CAs missing from the ca.pem?
    Deomid Ryabkov
    @rojer
    @hoffmann-m Google has changed the certificate chain. it is still signed by a globalsign root but by a different one
    this one expires in 2028
    i guess they decided to switch in advance of root expiration
    to my knowledge, they did not announce their intention or what they will be switching to... our ca bundle does not ship this newer globalsign root, so devices were cut off...
    previously they used OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign, now they use C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
    why wouldn't they switch to one of their roots, i have no idea...
    i mean, they had to switch the chain, might as well switch to the same as their LTS APIs use
    but no. so here we are.
    Marcus Hoffmann
    @hoffmann-m
    thank you, do you have a source for this information?
    Deomid Ryabkov
    @rojer
    openssl s_client -connect mqtt.googleapis.com:8883 -showcerts
    they have two intermediates, last of which is signed by globalsign
    Marcus Hoffmann
    @hoffmann-m
    i see. by the way, we chose google cloud because it offers interesting security aspects in comparison. but now we have to integrate a backchannel, even for the lts.
    Deomid Ryabkov
    @rojer
    lts should be fine
    but using this root on their regular endpoint was a bad idea from the start...
    Marcus Hoffmann
    @hoffmann-m
    Okay, I think in the future the ca-bundle should be able to handle it. Perhaps it should be made more specific if necessary, so that you can combine only mdash and gcp (or aws, azure) if necessary.
    Marcus Hoffmann
    @hoffmann-m
    The migration process started in 2017 and is a cross-signed CA, which should have been used in ca.pem. But this information should also have been linked in the GCP documentation! Here are some sources:
    abhibhatia98
    @abhibhatia98
    Hi, is there anyone here who can guide me on how I can use the #include <sys/socket.h> library in mongoose-os? I am new to C.
    Deomid Ryabkov
    @rojer
    there are no sockets in mongoose-os, you'll need to use mongoose networking api
    abhibhatia98
    @abhibhatia98
    Does that make it possible to listen for some socket messages? I can't find the relevant library.
    I want to listen for some UDP messages that my Raspberry Pi is sending.
    Deomid Ryabkov
    @rojer
    it is possible but i won't be giving you a tutorial here.
    search mongoose networking api, there's a udp example there too
    abhibhatia98
    @abhibhatia98
    Hi @rojer, I am checking out this page. Does it make any callback when something is received? I will be grateful if you show me the path to sort out my problem. The problem is that I want to listen for some UDP messages.
    Marcus Hoffmann
    @hoffmann-m

    Hi @rojer, I hope you can help me again. Since Jul 20, 2021, 6:00:03 AM a single device was disconnected from gcp. It seems that for some reason the JWT can no longer be signed.

    mg_net.c:794            0x3ffde160 tcp://74.125.133.206:8883 -> 0
    mg_ssl_if_mbedtls.c:31  0x3ffde160 ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
    ATCA ECDSA verify ok, verified
    ATCA ECDSA verify ok, verified
    ATCA ECDSA verify ok, verified
    ATCA:16 failed to gen ECDH pubkey: 0xfa
    SW ECDH curve 3
    mgos_mqtt_conn.c:231    MQTT0 TCP connect ok (0)
    ATCA:2 ECDSA sign failed: 0xfa
    mgos_gcp.c:146          mbedtls_pk_sign failed: 0xffffb1ff
    mgos_mqtt_conn.c:257    MQTT0 Disconnect

    The device has worked well for the last 11 months. [MOS 2.17.0, GCP with ATECC608A crypto chip]

    Deomid Ryabkov
    @rojer
    0xfa is ATCA_HEALTH_TEST_ERROR
    the chip thinks it's unhealthy
    and refuses operations
    if power cycle doesn't do it, then i guess it's the chip
    never seen this happen before, but that's my guess
    @hoffmann-m ^^
    Jan
    @janko.valiska:matrix.org
    Hi, I'm trying to implement custom OTA mechanism for ESP32 using ESP-IDF bootloader application rollback feature. But when I enable CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y sdkconfig option the build fails. I looked into docker container to esp-idf components/bootloader_support/include/esp_flash_partitions.h and it seems that necessary enum values are enclosed in #if 0 enum ... #endif. But in official ESP-IDF sources the needed enum is not enclosed in #if 0 #endif block. Is there some way to easily use this ESP-IDF feature along with rest of mongoose features(except mongoose OTA feature). Thank you.
    Deomid Ryabkov
    @rojer
    OTA is heavily patched in our fork of IDF
    it's entirely possible that some features won't work
    what are you looking for in app rollback? maybe our own version (commit_timeout) will work for you
    Jan
    @janko.valiska:matrix.org
    IDF's OTA mechanism and function APIs are really well documented... I was thinking about using the mgos/ota-common module, but I didn't find any documentation on how to use it, and I also didn't find any example or README in the ota-common repository. Everything regarding mgos/ota-common seems closed-source. That's the reason why I tried ESP-IDF OTA, but as I wrote, there are surprises in your fork of IDF 🙂
    Marcus Hoffmann
    @hoffmann-m
    @rojer Thanks!
    Romio Ranjan Jena
    @itromio:matrix.org
    Hi, I am trying to connect to a mqtt server hosted locally in a raspberry pi from my esp32. Is it possible to connect to the mqtt server using raspberrypi.local domain name using mdns?
    Deomid Ryabkov
    @rojer
    .local name resolution is not yet supported
    Romio Ranjan Jena
    @itromio:matrix.org
    @rojer: Thanks for the confirmation
    Subhankar Mahapatra
    @Subh-Embedex
    Hey guys, I am facing an issue with downloading a file to ESP32 via HTTP.
    I am using this example:
    https://github.com/mongoose-os-apps/http-fetch
    When I am trying with flash-encrypted ESP32, if the file size is small (e.g. 10-15 kB), it is fine and downloaded without any problem, but if the file is a bit bigger (e.g. 35-45 kB), the WDT is triggered when writing the chunk.
    On the other hand, if I am trying with non-encrypted flash ESP32, all the files are downloading and writing to file without any issue.
    Liviu
    @nliviu
    @Subh-Embedex Try to call mongoose_poll(0); when processing MG_EV_HTTP_CHUNK. This call will invoke mgos_wdt_feed and let other events be processed.
    Sergio R. Caprile
    @scaprile
    HiveMQ added MQTT over WebSocket to HiveMQ Cloud Basic. Will we see support for WebSocket transport in the MQTT client any time soon? Just being curious (and perhaps eager to try).
    DrBomb
    @DrBomb
    what's wrong with normal TCP sockets?
    Sergio R. Caprile
    @scaprile
    Nothing, they work great.
    Some places seem to restrict outgoing connections to HTTP/HTTPS ports, and from time to time I see interest in using WebSocket (perhaps from web-oriented people).
    abhibhatia98
    @abhibhatia98
    How can I set the UDP listen address from the program? Until now I have been doing it like below:
    mos config-set rpc.udp.listen_addr=udp://0.0.0.0:1234
    Second, can I enable or disable UDP listening like MQTT enable or disable?
    gadget-man
    @gadget-man
    @abhibhatia98 just set it to the IP address and port, e.g. 0.0.0.0:1993. Set the IP to that of the device you want to monitor from. Then on the target device, call mos console --port udp://:1993/
    abhibhatia98
    @abhibhatia98
    @gadget-man Thanks for your response. My question is how can I set the UDP listen addr from the program?
    DrBomb
    @DrBomb
    abhibhatia98
    @abhibhatia98

    @DrBomb

    mgos_sys_config_set_rpc_udp_listen_addr("udp://0.0.0.0:1234"); 
    char *err = NULL;
    save_cfg(&mgos_sys_config, &err); 
    printf("Saving configuration: %s\n", err ? err : "no error");
    free(err);

    I have done it this way, and in the logs it prints saved to conf9.json and no error.
    But when I ran this mos call --port udp://192.168.43.107:1234/ Sys.GetInfo command, it doesn't work.
    After I set it using mos config-set and call the RPC over UDP, that works. Am I missing something here?

    gadget-man
    @gadget-man
    @abhibhatia98 rpc.udp.listen_addr is for listening to the debug output of a mos device FROM a remote machine without serial connection. It sounds like what you are doing is sending RPC commands TO a mos device? In which case you need the RPC libs.