Hi Roman,
my understanding and experience is that `mbedtls_x509_crt` either represents a single X509 cert (next == NULL), or a collection of certificates (either a chain, or a list of trusted CA certificates) that are linked together via `next` pointer.
When you call the `mbedtls_x509_crt_parse` and give it a PEM containing multiple root certs (for example) it will return a linked list of those certs.
I assume the argument to not touch the `next` pointer comes from the fact that you need to properly free any memory, or keep a reference to it when breaking the chain.
I am successfully building a chain to be later used by TLS context by manually linking the pointers together and have not seen any issues so far.
But let’s see what Gilles or others have to say, take my answer as unverified :)
Martin
On 16. 4. 2024, at 10:37, Roman Janota via mbed-tls mbed-tls@lists.trustedfirmware.org wrote:
Hello,
I have an implementation in OpenSSL and am trying to recreate it using MbedTLS. One of the differences in these two I have yet to overcome is the following:
Is there a way to treat mbedtls_x509_crt simply as a certificate store? Say I have some PEM data, parse it into a temporary mbedtls_x509_crt and then I would like to append this certificate to said mbedtls_x509_crt certificate store.
The following is stated in the docs of mbedtls_x509_crt:
struct mbedtls_x509_crt *next
Next certificate in the linked list that constitutes the CA chain. NULL indicates the end of the list. Do not modify this field directly.
Is there a way to achieve this if it's advised not to modify the field directly? Thank you in advance, Roman.
-- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org