Hi Janos,

I think that the words "certificate store" and "certificate chain" have the same meaning in my case. I'll try to illustrate what I'm trying to achieve with pseudocode:

```
mbedtls_x509_crt cert, chain;
mbedtls_x509_crt_parse(&cert, pem, len);
mbedtls_x509_crt_add_to_chain(chain, cert);  // doesn't exist
```

I couldn't find any function which would work like "mbedtls_x509_crt_add_to_chain" in the API. And since based on the docs I shouldn't work with the linked list in the chain directly, there is currently no way to achieve this, right?

Either way, I can just stick with doing `mbedtls_x509_crt_parse(&chain, ...)` instead. It's just a small inconvenience in my use case, but it works just fine.

Regards,
Roman.

On 4/16/24 11:25, Janos Follath via mbed-tls wrote:

Hi Roman,

I am sorry, I don’t know about any Mbed TLS API that would directly implement a certificate store. mbedtls_x509_crt is meant to handle certificate chains and not certificate stores. One way of implementing a certificate store on top of Mbed TLS would be to define your file format for the certificate store and define your own operations on it and use Mbed TLS to read and write single certificates.

Best regards,
Janos

 

 

From: Roman Janota via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Tuesday, 16 April 2024 at 09:37
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Appending a cert to mbedtls_x509_crt

Hello,

I have an implementation in OpenSSL and am trying to recreate it using
MbedTLS. One of the differences in these two I have yet to overcome is
the following:

Is there a way to treat mbedtls_x509_crt simply as a certificate store?
Say I have some PEM data, parse it into a temporary mbedtls_x509_crt and
then I would like to append this certificate to said mbedtls_x509_crt
certificate store.

The following is stated in the docs of mbedtls_x509_crt:

> struct mbedtls_x509_crt *next
> Next certificate in the linked list that constitutes the CA chain.
> NULL indicates the end of the list. Do not modify this field directly.

Is there a way to achieve this if it's advised not to modify the field
directly?

Thank you in advance,
Roman.