Gilles,

Thanks for getting me to try to read DER files. There must definitely be something wrong in that area. I am speficying support for PEM in the build but reading DER gets me past that error.

Searching further :-)

Again, thanks

    Danny

Hello,

The first thing when you see an unexpected error code is to look up the
corresponding error message. Mbed TLS comes with a utility for that:

    programs/util/strerror 0x2180
    Last error was: -0x2180 - X509 - The CRT/CRL/CSR format is invalid,
e.g. different type expected

You can also search the error code in the source code:

    grep 0x2180 include/mbedtls/*.h                
    include/mbedtls/x509.h:#define
MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180  /**< The
CRT/CRL/CSR format is invalid, e.g. different type expected. */

At first glance it looks like there's only one case for which CRT
parsing return MBEDTLS_ERR_X509_INVALID_FORMAT as opposed to
(MBEDTLS_ERR_X509_INVALID_FORMAT + low_level_error_code), and that's if
the certificate doesn't parse like a DER format at the top level. A
plausible reason for that is that the certificate is in PEM format and
your build has PEM support turned off. If that's the case, convert the
certifcate to DER when you copy it to the device. You can use the Mbed
TLS utility programs/util/pem2der for that.

Best regards,