Dear Mbed TLS Support Team,

I am currently working on a project using Mbed TLS version 3.6 on FreeRTOS, and I am encountering an issue with handling multiple CA certificates during the TLS handshake process. My device has a set of built-in certificates, and I need to try each certificate one by one to establish a successful connection to my server. However, I am facing difficulties in this process.

### System Information:
- **Mbed TLS version**: 3.6
- **Operating System**: FreeRTOS
- **Configuration**: Default
- **Compiler and Options**: N/A (using default configuration)

### Expected Behavior:
The first certificate (e.g., `cdotroot.cer`) cannot be verified by Mbed TLS, while the correct certificate should successfully establish a connection.

### Actual Behavior:
Both the incorrect and correct CA certificates fail to establish a connection successfully.

### Steps to Reproduce:
Here is a sample of my code:
```c
static int load_and_verify_certificates(int conn_id, uint8_t *cert_buffer, size_t buffer_size) {
    int ret;
    bool connection_established = false;
    uint32_t cert_index = 0;

    while (!connection_established && cert_index < MAX_CERT_COUNT) {
        size_t cert_size = buffer_size;
       
        // Free and initialize the certificate context
        mbedtls_x509_crt_free(&cacert[conn_id]);
        mbedtls_x509_crt_init(&cacert[conn_id]);

        // Load the built-in certificate
        ret = try_built_in_certificate(cert_buffer, &cert_size, cert_index);
        if (ret == CERT_ERR_INDEX_OUT_OF_RANGE) {
            break;
        }
        if (ret != CERT_SUCCESS) {
            cert_index++;
            continue;
        }

        // Parse the certificate
        cert_buffer[cert_size] = '\0';
        ret = mbedtls_x509_crt_parse(&cacert[conn_id], cert_buffer, cert_size + 1);
        if (ret < 0) {
            cert_index++;
            continue;
        }

        // Set the certificate chain
        mbedtls_ssl_conf_ca_chain(&conf[conn_id], &cacert[conn_id], NULL);

        // Perform the TLS handshake
        ret = mbedtls_ssl_handshake(&ssl[conn_id]);
        if (ret == 0) {
            uint32_t flags = mbedtls_ssl_get_verify_result(&ssl[conn_id]);
            if (flags == 0) {
                connection_established = true;
                // Cache the certificate
                cache_certificate(cert_buffer, cert_size, cert_index);
                break;
            }
        } else {
            LOGD("Failed to perform handshake with certificate index %u, error: -0x%x\n", (unsigned) cert_index, (unsigned) -ret);
        }

        // Reset the SSL session
        ret = mbedtls_ssl_session_reset(&ssl[conn_id]);
        if (ret != 0) {
            LOGD("Failed to reset SSL session, error: -0x%x\n", (unsigned) -ret);
            return ret;
        }

        cert_index++;
    }

    return connection_established ? 0 : -1;
}
```

### Additional Information:
Here are the logs:
```
Reading certificate 'cdotroot.cer' at address 0x08100650, size: 1348
Failed to perform handshake with certificate index 0, error: -0x2700
Reading certificate 'digicertroot.cer' at address 0x08100B94, size: 1360
Failed to perform handshake with certificate index 1, error: -0x7300
...
```

I suspect that the issue may be related to the limited RAM space available on my device. I am looking for guidance on how to properly iterate through and verify the built-in certificates within these constraints. Any suggestions or best practices for handling multiple certificates in such an environment would be greatly appreciated.

Thank you for your assistance.

Best regards,

[Tony]
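
The two codes in the log above belong to different failure classes: `-0x2700` is `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` and, in Mbed TLS 3.x, `-0x7300` is `MBEDTLS_ERR_SSL_DECODE_ERROR`. The following is an added example, not part of the original post and not Mbed TLS code, showing a triage step a retry loop could apply so that only a chain-verification failure counts against the CA just tried; the enum and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, value from the Mbed TLS x509.h header. */
#define ERR_X509_CERT_VERIFY_FAILED (-0x2700)
/* Hypothetical names, used only in this example. */
typedef enum { HS_DONE, HS_TRY_NEXT_CA, HS_NOT_A_TRUST_FAILURE } hs_action;

/* Split a return code into its high-level (bits 7..14) and low-level (bits 0..6) parts. */
static void split_error(int ret, int *high, int *low)
{
    int v = ret < 0 ? -ret : ret;
    *high = v & 0xFF80;
    *low  = v & 0x007F;
}

/* Only a chain-verification failure is evidence against the CA just tried. */
static hs_action triage_handshake(int ret)
{
    int high, low;
    if (ret == 0) return HS_DONE;
    split_error(ret, &high, &low);
    return high == -ERR_X509_CERT_VERIFY_FAILED ? HS_TRY_NEXT_CA : HS_NOT_A_TRUST_FAILURE;
}

/* Extract index and code from a line in the post's LOGD format; 0 on success. */
static int parse_log_line(const char *line, unsigned *index, int *ret)
{
    unsigned code;
    const char *p = strstr(line, "certificate index ");
    if (p == NULL || sscanf(p, "certificate index %u, error: -0x%x", index, &code) != 2)
        return -1;
    *ret = -(int) code;
    return 0;
}

int main(void)
{
    /* The two failure lines from the post's log; -0x7300 is MBEDTLS_ERR_SSL_DECODE_ERROR in 3.x. */
    const char *lines[] = {
        "Failed to perform handshake with certificate index 0, error: -0x2700",
        "Failed to perform handshake with certificate index 1, error: -0x7300",
    };
    for (int i = 0; i < 2; i++) {
        unsigned idx; int ret;
        if (parse_log_line(lines[i], &idx, &ret) == 0)
            printf("index %u: -0x%04x -> %d\n", idx, (unsigned) -ret, (int) triage_handshake(ret));
    }
    return 0;
}
```

The Mbed TLS documentation for `mbedtls_ssl_handshake()` states that after a failed handshake the context must be freed or reset with `mbedtls_ssl_session_reset()` before re-use for a new connection, and that the current connection must be closed.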
