Hello,
I'm currently engaged in a project where I'm utilizing mbedtls for the management of certificates. Within this project, I'm aiming to integrate a revocation feature using Certificate Revocation Lists (CRLs). However, my search for resources on how to effectively implement a comprehensive certificate revocation process using mbedtls has unfortunately yielded no productive outcomes.
I am concerned about how to first create a crl file and sign it using my self-signed CA, how to revocate a certificate if we need to revocate it, and how to update the CRL, then when parsing the cert how to detect that this certificate has been revocated. ( I am using LPCXpresso55S16 as a client and raspberry pi as a server and I am doing all with coding).
Thank you in advance for your support.
Best regards,
Ahmed.
Hello,
I need some help to setup mbedtls as a CMake subproject, I added it as a subdirectory in my CMakeLists.
However, I can't figure out how to use my own config file for mbedtls (MBEDTLS_CONFIG_FILE option to the file I want as a config file).
When I put my custom config file to the include folder of mbedtls in the place of the original mbedtls_config.h file it works wel,l but it's not a future-proof option for me, is there anyone that could help me with this setup ?
Hi,
I have noticed that PSA driver wrapper function is missing for single part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp.
The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in wrapper layer for PSA for MAC verify ?
Regards,
Ruchika
Hi Mbed TLS users,
We are releasing Mbed TLS 3.4.1 and 2.28.4 LTS.
As the point release suggests, this is a small update which primarily addresses some expiring test certificates.
Full details are available via the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.1https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Thanks,
The Mbed TLS team
