Hi! Just driving by with some information I discovered while trying to set up a bridge to a Roomba S9 in Mosquitto.
Unfortunately, not good news for Mosquitto: I don't believe it is currently possible to set up a bridge to a Roomba (S9 anyway) because there is something funky in the SSL cert chain that Roomba is using.
I've opened a ticket with Mosquitto with some extra info here: https://github.com/eclipse/mosquitto/issues/2061
In theory, if Mosquitto could ignore the validation issue, it could connect like so:
mosquitto_sub -t "#" -d --host $ROBOT_HOST -p 8883 -i $ROBOT_BLID -u $ROBOT_BLID -P $ROBOT_PASSWORD --insecure --tls-version tlsv1.2 --ciphers DEFAULT@SECLEVEL=1
But it can't due to the SSL cert issue, you will get:
OpenSSL Error[0]: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Error: A TLS error occurred.
Juuuuust in case it is useful to anyone though, it is possible to get the self-signed CA cert that irobot is using out of their app. By:
- Downloading the irobot app apk from somewhere like apkmirror https://www.apkmirror.com/?post_type=app_release&searchtype=apk&s=irobot
- Unpack the apk and the nested "base" apk using a tool like apktool or just an archive tool. Find a file called irobotkeystore.bks.
- Get a copy of the latest bouncy castle jar and download it.
- Use keytool to extract the cert (the entry you are looking for is "0")
keytool -keystore res/raw/irobotkeystore.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ~/Downloads/bcprov-jdk15to18-168.jar -exportcert -alias 0 -file irobot0.pem -rfc
And that is the root cert, I've verified the chain is valid:
openssl s_client -connect 192.168.2.5:8883 -CAfile irobot0.pem
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
verify error:num=26:unsupported certificate purpose
verify return:1
depth=2 C = US, ST = MA, L = Bedford, O = iRobot, OU = HBU, CN = Roomba CA
verify return:1
depth=1 C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
verify return:1
depth=0 C = US, ST = Massachusetts, L = Bedford, O = iRobot Corporation, OU = Production, CN = iRobot-783545A45675422DB5A4576E7829A1F4
verify return:1
---
Certificate chain
0 s:C = US, ST = Massachusetts, L = Bedford, O = iRobot Corporation, OU = Production, CN = iRobot-783545A45675422DB5A4576E7829A1F4
i:C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
1 s:C = US, ST = Massachusetts, L = Beford, O = iRobot Corporation, OU = HBU, CN = Robot Intermediate CA A01
i:C = US, ST = MA, L = Bedford, O = iRobot, OU = HBU, CN = Roomba CA
Except for the issue with the intermediate cert purpose :).
Here is the cert in pem format for reference:
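Added example, not part of the original post: a small parser for the `openssl s_client` verify trace shown above, which reports which certificate in the chain raised a verify error and whether s_client carried on regardless (its callback prints `verify return:1` after an error when it continues). The sample trace is constructed with made-up subjects, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the format of the `openssl s_client` verify trace
# (subjects are made up; only the line layout mirrors the post's output).
SAMPLE_TRACE = """\
depth=1 C = US, O = Example Corp, CN = Example Intermediate CA
verify error:num=26:unsupported certificate purpose
verify return:1
depth=2 C = US, O = Example Corp, CN = Example Root CA
verify return:1
depth=1 C = US, O = Example Corp, CN = Example Intermediate CA
verify return:1
depth=0 C = US, O = Example Corp, CN = device-0001
verify return:1
"""

DEPTH_RE = re.compile(r"^depth=(\d+)\s+(.+)$")
ERROR_RE = re.compile(r"^verify error:num=(\d+):(.+)$")
RETURN_RE = re.compile(r"^verify return:(\d+)$")


def parse_verify_trace(text):
    """Return one finding per 'verify error' line, tied to the cert it follows."""
    findings, cert, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DEPTH_RE.match(line):
            cert = {"depth": int(m.group(1)), "subject": m.group(2)}
            pending = None
        elif (m := ERROR_RE.match(line)) and cert is not None:
            pending = dict(cert, num=int(m.group(1)), reason=m.group(2),
                           tolerated=None)
            findings.append(pending)
        elif (m := RETURN_RE.match(line)) and pending is not None:
            # s_client's callback printed return:1, so it continued anyway.
            pending["tolerated"] = m.group(1) == "1"
            pending = None
    return findings


def strict_client_would_fail(text):
    """A client that enforces verification rejects the chain on any error."""
    return bool(parse_verify_trace(text))


if __name__ == "__main__":
    for f in parse_verify_trace(SAMPLE_TRACE):
        role = "leaf" if f["depth"] == 0 else "CA"
        print(f"depth {f['depth']} ({role}) {f['subject']}: "
              f"error {f['num']} {f['reason']}, tolerated={f['tolerated']}")
```

A finding with `tolerated=True` means the s_client session went ahead despite the error, while a client that enforces verification stops at that certificate.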