That's right. Reading from the next pointer is not a problem. But if you modify it, you need to be compatible with the library's memory management, and that's risky. If you aren't careful, you might have a memory leak, or worse, a use-after-free.I assume the argument to not touch the `next` pointer comes from the fact that you need to properly free any memory, or keep a reference to it when breaking the chain.
Is there a way to treat mbedtls_x509_crt simply as a certificate store? Say I have some PEM data, parse it into a temporary mbedtls_x509_crt and then I would like to append this certificate to said mbedtls_x509_crt certificate store.Due to the difficulty of ensuring correct memory management in C, the official way to do this is to parse the certificate directly into the chain: mbedtls_x509_crt_parse() and friends do this, and doing it that way ensures that a certificate only ends up on one chain.