Hello,
I run a client that has been ported MbedTLS, but the client connect server faild. I check the  debug log, the end client state is 15. In the client state 3, the client receive only one certificate from server, and the log printing "Certificate verification flags 8". Here are part of logs:
    ..\MbedTLS\library\ssl_tls.c:4232: dumping 'input record from network' (4467 bytes)
    ..\MbedTLS\library\ssl_tls.c:4232: 0000:  16 03 03 11 6e 0b 00 11 6a 00 11 67 00 05 c2 30  ....n...j..g...0
    ..\MbedTLS\library\ssl_tls.c:4232: 0010:  -------- omit some network input data --------
    ..\MbedTLS\library\ssl_tls.c:4232: 0ff0:  38 a0 36 a0 34 86 32 68 74 74 70 3a 2f 2f 63 72  8.6.4.2http://cr
    ..\MbedTLS\library\ssl_tls.c:3624: handshake message: msglen = 4462, type = 11, hslen = 4462
    ..\MbedTLS\library\ssl_tls.c:4385: <= read record
    ..\MbedTLS\library\ssl_tls.c:5606: peer certificate #1:
    ..\MbedTLS\library\ssl_tls.c:5606: cert. version     : 3
    ..\MbedTLS\library\ssl_tls.c:5606: serial number     : F0:57:5F:65:80:A9:70:B4:F9:8E:42:91:AE:D0:70:27
    ..\MbedTLS\library\ssl_tls.c:5606: issuer name       : C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
    ..\MbedTLS\library\ssl_tls.c:5606: subject name      : CN=*.xxxxxxxx.com
    ..\MbedTLS\library\ssl_tls.c:5606: issued  on        : 2020-06-01 00:00:00
    ..\MbedTLS\library\ssl_tls.c:5606: expires on        : 2021-05-26 23:59:59
    ..\MbedTLS\library\ssl_tls.c:5606: signed using      : RSA with SHA-256
    ..\MbedTLS\library\ssl_tls.c:5606: RSA key size      : 2048 bits
    ..\MbedTLS\library\ssl_tls.c:5606: basic constraints : CA=false
    ..\MbedTLS\library\ssl_tls.c:5606: subject alt name  : *.xxxxxxxx.com, xxxxxxxx.com
    ..\MbedTLS\library\ssl_tls.c:5606: key usage         : Digital Signature, Key Encipherment
    ..\MbedTLS\library\ssl_tls.c:5606: ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
    ..\MbedTLS\library\ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is:
    ..\MbedTLS\library\ssl_tls.c:5606:  af b7 73 1a f9 8a 2d 5e a2 e8 0f fd 89 5d 60 1d
    ..\MbedTLS\library\ssl_tls.c:5606:  -------- omit some bits --------
    ..\MbedTLS\library\ssl_tls.c:5606:  e6 8e f8 3e ed ec 8e dd ec 46 48 85 9a b4 c8 71
    ..\MbedTLS\library\ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is:
    ..\MbedTLS\library\ssl_tls.c:5606:  01 00 01
    ..\MbedTLS\library\ssl_tls.c:5757: x509_verify_cert() returned -9984 (-0x2700)
    ..\MbedTLS\library\ssl_tls.c:5851: ! Certificate verification flags 8
    ..\MbedTLS\library\ssl_tls.c:5863: <= parse certificate

At the client side, I download certificate of server, and get CA and root CA base on this certificate. Loading any one of these certificates into the client can't connect server.

I did a test with another server. The different of the handshark is that the server issued two certificates, one is server's cert and another is CA cert. Loading CA or root CA into the client both can connect server successfully.

problems:
  1. Must the server send CA certificate in handshake phase?
  2. The client holds CA certificate, dose MbedTLS client support downloading CA base on server's certificate?
  3. In the source code, the certificate chain only contains the certificate issued by the server during handshake, not the CA certificate downloaded by the client according to the server certificate?

Thank you very much for the answers.
Best regards,
berry chen