Hi,

I have an in-house developed secure authentication program that uses certificates for authentication. I have used the mbedtls library for X.509 certificate verification. In our custom PKI we have only three levels of certificates: Root-CA -> Intermediate-CA -> Device-Cert.

The embedded device has very limited memory, so instead of sending the whole certificate chain, the device sends the intermediate_CA and the device cert (in DER format, base64 encoded) in separate packets. The Root-CA will be available on the node as trusted-ca. The intermediate is verified against the Root; then the device cert is verified against the intermediate.

The problem is, the PoC developed on the Linux platform is working fine, but on the embedded platform I encounter either 0x3b00 (parsing failed) or 0x2700 (with flag 8). Also, the error codes are inconsistent.

I verified the integrity of the packet carrying the certificate using CRC16, so there is no chance of the certificate getting corrupted. I also verified the integrity of the certificate's base64 form using CRC16.

All certificates are sha256WithRSAEncryption; RSA Public-Key: (4096 bit)

Attached is the config.h on the target platform for reference. Could you help me check whether anything is wrong with the configuration?

While trying to trace, I found the flag was set in x509_crt.c by the code below.

        /* No parent? We're done here */
        if( parent == NULL )
        {
            printf("NO_PARENT\r\n");
            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
            return( 0 );
        }

Any clue would be helpful.

Thanks,

Gopi Krishnan
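
Since the certificates arrive base64-encoded in separate packets, one check that can run on the device before the decoded buffer reaches the X.509 parser is to compare the number of bytes received with the length announced in the DER outer SEQUENCE header. The following is an added example, not part of the original post and not mbedtls code; `der_check_outer` and the `der_check` codes are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this added example (hypothetical names, not mbedtls API). */
enum der_check {
    DER_OK = 0,          /* buffer holds exactly one complete SEQUENCE */
    DER_NOT_SEQUENCE,    /* first byte is not the SEQUENCE tag 0x30 */
    DER_BAD_LENGTH,      /* malformed, non-minimal or oversized length field */
    DER_TRUNCATED,       /* header announces more bytes than were received */
    DER_TRAILING_BYTES   /* extra bytes follow the certificate */
};

/* Compare the total size announced by the outer SEQUENCE header of a DER
 * certificate with the number of bytes produced by base64 decoding. */
enum der_check der_check_outer(const uint8_t *buf, size_t len, size_t *announced)
{
    size_t hdr, body = 0;
    *announced = 0;
    if (len < 2) return DER_TRUNCATED;
    if (buf[0] != 0x30) return DER_NOT_SEQUENCE;
    if (buf[1] < 0x80) {                 /* short form: one length byte */
        hdr = 2;
        body = buf[1];
    } else {                             /* long form: 0x80 | count of length bytes */
        size_t n = buf[1] & 0x7F;
        if (n == 0 || n > 3) return DER_BAD_LENGTH;  /* indefinite, or beyond 16 MiB */
        if (len < 2 + n) return DER_TRUNCATED;
        for (size_t i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        /* DER requires the shortest possible length encoding */
        if (buf[2] == 0 || body < 0x80) return DER_BAD_LENGTH;
        hdr = 2 + n;
    }

    *announced = hdr + body;
    if (len < *announced) return DER_TRUNCATED;
    if (len > *announced) return DER_TRAILING_BYTES;
    return DER_OK;
}

int main(void)
{
    /* Constructed sample: header announces 0x0100 body bytes, only 3 received. */
    const uint8_t sample[] = { 0x30, 0x82, 0x01, 0x00, 0xAA, 0xBB, 0xCC };
    size_t announced;
    enum der_check r = der_check_outer(sample, sizeof sample, &announced);
    printf("result=%d announced=%zu received=%zu\n", (int)r, announced, sizeof sample);
    return 0;
}
```

Logging the result together with the announced and received sizes for both the intermediate and the device certificate shows whether the buffer handed to the parser is the same one that passed the CRC check.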