Hi Janos,
I think that the words "certificate store" and "certificate chain"
have the same meaning in my case. I'll try to illustrate what I'm
trying to achieve with pseudocode:
```
mbedtls_x509_crt cert, chain;
mbedtls_x509_crt_parse(&cert, pem, len);
mbedtls_x509_crt_add_to_chain(chain, cert); // doesn't exist
```
I couldn't find any function which would work like
"mbedtls_x509_crt_add_to_chain" in the API. And since based on the
docs I shouldn't work with the linked list in the chain directly,
there is currently no way to achieve this, right?
Either way, I can just stick with doing
`mbedtls_x509_crt_parse(&chain, ...)` instead. It's just a
small inconvenience in my use case, but it works just fine.
Regards,
Roman.
On 4/16/24 11:25, Janos Follath via
mbed-tls wrote:
Hi
Roman,
I am
sorry, I don’t know about any Mbed TLS API that would
directly implement a certificate store. mbedtls_x509_crt
meant to handle certificate chains and not certificate
stores. One way of implementing a certificate store on top
of Mbed TLS would be to define your file format for the
certificate store and define your own operations on it and
use Mbed TLS to read and write single certificates.
Best
regards,
Janos
Hello,
I have an implementation in OpenSSL and am trying to
recreate it using
MbedTLS. One of the differences in these two I have
yet to overcome is
the following:
Is there a way to treat mbedtls_x509_crt simply as a
certificate store?
Say I have some PEM data, parse it into a temporary
mbedtls_x509_crt and
then I would like to append this certificate to said
mbedtls_x509_crt
certificate store.
The following is stated in the docs of
mbedtls_x509_crt:
> struct mbedtls_x509_crt *next
Next certificate in the linked list that
constitutes the CA chain.
NULL indicates the end of the list. Do not modify
this field directly.
Is there a way to achieve this if it's advised not to
modify the field
directly?
Thank you in advance,
Roman.