PR #492: Fix certificate paths and add build instructions

- Use CMake to configure certificate paths
- Add wolfSSL and wolfMQTT build instructions
- Add debug prints for certificate loading
- Update documentation

Co-Authored-By: [email protected] <[email protected]>

Author: devin-ai-integration[bot]

fullstack/freertos-wolfip-wolfmqtt/CMakeLists.txt

@@ -5,8 +5,14 @@ project(freertos_wolfssl_demo C)
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 
-# wolfSSL configuration
-add_definitions(-DWOLFSSL_USER_SETTINGS)
+# Configure certificate paths
+set(WOLFSSL_CERTS_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl/certs")
+add_definitions(
+    -DWOLFSSL_USER_SETTINGS
+    -DMQTT_TLS_CA_CERT="${WOLFSSL_CERTS_DIR}/ca-cert.pem"
+    -DMQTT_TLS_CLIENT_CERT="${WOLFSSL_CERTS_DIR}/client-cert.pem"
+    -DMQTT_TLS_CLIENT_KEY="${WOLFSSL_CERTS_DIR}/client-key.pem"
+)
 
 # FreeRTOS Kernel source files for POSIX port
 set(FREERTOS_PORT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/ThirdParty/GCC/Posix)

fullstack/freertos-wolfip-wolfmqtt/README.md

@@ -16,6 +16,32 @@ This example demonstrates a full-stack embedded MQTT client using FreeRTOS, wolf
 - Mosquitto broker (for testing)
 - wolfSSL libraries
 
+## Building Dependencies
+
+### wolfSSL
+```bash
+cd ~/repos/wolfssl
+./autogen.sh
+./configure --enable-tls13 --enable-aead --enable-hkdf \
+    --enable-certgen --enable-certreq --enable-certext \
+    --enable-tlsx --enable-snl --enable-ocsp \
+    --enable-cryptocb --enable-des3 --enable-curve25519 \
+    --enable-ed25519 --enable-keygen --enable-rsapss \
+    --enable-sha224 --enable-sha384 --enable-sha512 \
+    --enable-dh --enable-opensslextra
+make
+sudo make install
+```
+
+### wolfMQTT
+```bash
+cd ~/repos/wolfMQTT
+./autogen.sh
+./configure --enable-tls --enable-nonblock
+make
+sudo make install
+```
+
 ## Building and Running
 
 ### Setup

fullstack/freertos-wolfip-wolfmqtt/include/user_settings.h

@@ -31,11 +31,6 @@
 #define ECC_TIMING_RESISTANT
 #define WC_TIMING_RESISTANT
 
-/* TLS Certificate Paths */
-#define MQTT_TLS_CA_CERT     "../../../wolfssl/certs/ca-cert.pem"
-#define MQTT_TLS_CLIENT_CERT "../../../wolfssl/certs/client-cert.pem"
-#define MQTT_TLS_CLIENT_KEY  "../../../wolfssl/certs/client-key.pem"
-
 /* wolfSSL TLS configuration */
 #define WOLFSSL_TLS13
 #define WOLFSSL_TLS13_NO_OLD_TLS

fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.c

@@ -39,14 +39,19 @@ static int mqtt_tls_init(void) {
         return -1;
     }
 
+    printf("Loading CA certificate from: %s\n", MQTT_TLS_CA_CERT);
     if (wolfSSL_CTX_load_verify_locations(mqtt_tls_ctx, MQTT_TLS_CA_CERT, NULL) != SSL_SUCCESS) {
         printf("Failed to load CA certificate\n");
         return -1;
     }
+
+    printf("Loading client certificate from: %s\n", MQTT_TLS_CLIENT_CERT);
     if (wolfSSL_CTX_use_certificate_file(mqtt_tls_ctx, MQTT_TLS_CLIENT_CERT, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
         printf("Failed to load client certificate\n");
         return -1;
     }
+
+    printf("Loading client key from: %s\n", MQTT_TLS_CLIENT_KEY);
     if (wolfSSL_CTX_use_PrivateKey_file(mqtt_tls_ctx, MQTT_TLS_CLIENT_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
         printf("Failed to load client key\n");
         return -1;