Project instructions unclear. How to download minimal root CA set to fix cypher error? #232
Description
This past week has sucked on the esp32 front. I have not been able to get this project running and I think it's not due to the github project itself but rather poor documentation.
[E][WiFiClientSecure.cpp:133] connect(): start_ssl_client: -1
Settings incorrect or missing a cyper for SSL
Connect with mqtt.2030.ltsapis.goog:8883
ClientId: projects/growsimple/locations/asia-east1/registries/grow-simple-nodes/devices/testNode
Waiting 60 seconds, retry will likely fail
Is an error that I keep bumping into. On githubmemory you'll quickly find that almost everybody is having this error.
https://githubmemory.com/repo/GoogleCloudPlatform/google-cloud-iot-arduino/issues
However there is one user who has a fix.
https://githubmemory.com/repo/GoogleCloudPlatform/google-cloud-iot-arduino/issues/221
Has an OP which claims that their fix to this error was to
I was able to connect to Cloud IOT Core while using root certificate by following these steps:
Download primary and secondary crt files from the following link: (https://cloud.google.com/iot/docs/how-tos/mqtt-bridge#downloading_mqtt_server_certificates)
Convert these '.crt' files in '.pem' file using the following command
openssl x509 -inform DER -in gtsltsr.crt -out primary.pem -text
openssl x509 -inform DER -in GSR4.crt -out secondary.pem -text
And then copying the content from both these files, which ends up looking something like this in the ciotc_config.h file
Which sounds easy until you visit the google docs and they are not written for embedded developers.
https://cloud.google.com/iot/docs/how-tos/mqtt-bridge#downloading_mqtt_server_certificates
To use TLS transport, devices must verify Cloud IoT Core server certificates to ensure they're communicating with Cloud IoT Core rather than an impersonator. The following certificate packages support verification:
The complete Google root CA certification package (128 KB) for mqtt.googleapis.com.
Google's minimal root CA set (<1 KB) for mqtt.2030.ltsapis.goog. The minimal root CA set includes a primary and backup certificate.
After downloading Google root CA certificates to your device, you can configure an MQTT client to authenticate the device, connect to the MQTT server, and communicate over the MQTT bridge.
Which is chock full of information on how / where to actually download the .crt file. I am stuck. The rabbit hole comes to a dead end. I've already tried copying and pasting the results of openssl s_client -showcerts -connect mqtt.2030.ltsapis.goog:8883 with no success.
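The conversion and paste step quoted above, as an added example (not part of the original issue or the project's code): it keeps only the certificate blocks from `openssl x509 -text` or `s_client -showcerts` output and emits them as a C string constant in which every PEM line keeps an explicit `\n`. The constant name `root_cert` is an assumption, and the sample bytes are constructed filler, not a real certificate.

```python
import base64
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

# Constructed filler standing in for the bytes of a downloaded DER .crt file.
SAMPLE_DER = bytes(range(100))

def der_to_pem(der: bytes) -> str:
    """Same result as `openssl x509 -inform DER`, without the -text dump."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def extract_pem_blocks(text: str) -> list:
    """Keep only the certificate blocks from openssl output (-text, -showcerts)."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        # validate=True rejects a block that was damaged while copying
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        blocks.append(der_to_pem(der))  # re-wrap to 64-character lines
    return blocks

def pem_to_c_literal(name: str, pems: list) -> str:
    """Emit one C string constant; each PEM line becomes "line\\n"."""
    lines = [f"const char *{name} ="]  # name is an assumed identifier
    for pem in pems:
        lines += [f'    "{line}\\n"' for line in pem.splitlines()]
    lines[-1] += ";"
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed stand-in for a .pem file written with the -text option.
    dump = "Certificate:\n    Data:\n        Version: 3 (0x2)\n" + der_to_pem(SAMPLE_DER)
    print(pem_to_c_literal("root_cert", extract_pem_blocks(dump)))
```

The root certificates themselves should come from the download links in the documentation; a chain printed by `s_client -showcerts` is only what the server chose to send.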