On Dec 3, 2021, at 22:19, Felipe Gasper via mbed-tls mbed-tls@lists.trustedfirmware.org wrote:
https://gist.github.com/FGasper/43758d13e987518009d18ec8951ffcbb
^^ With 3.0.0 this prints:
seeded entropy mbedtls connected trust loaded ok SNI set ok handshake tried handshake: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
… but if I switch to the development branch, it works.
Same trust chain, same code … but the production code fails while the dev one works …
Am I just “holding it wrong”?
FWIW, baff51c8b7d0e6d9e023fa4f0cea4410fc08f719 (Make sure nonce length checks use base algorithm) seems to fix the issue.
-FG