-- Gilles Peskine Mbed TLS developer On 22/02/2022 12:14, Subramanian Gopi Krishnan via mbed-tls wrote: > > Hi, > >   > > I am evaluating TLS PSK capability on mbedlts-2.16.12 by running > following command. I modified TLS client to have only PSK and removed > all private key and certificate related code. However, the servier > indicated x.509 verification ok. What is it? > >   > > ./a.out > > ok > >   . Performing the SSL/TLS handshake... ok > >     [ Protocol is TLSv1.2 ] > >     [ Ciphersuite is TLS-PSK-WITH-AES-128-GCM-SHA256 ] > >     [ Record expansion is 29 ] > >   . Closing the connection... done > >   > > ./ssl_server2 > psk="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" > psk_list="Client_identity","AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" > force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256 > >   > >   . Seeding the random number generator... ok > >   . Loading the CA root certificate ... ok (0 skipped) > >   . Loading the server cert. and key... ok > >   . Bind on tcp://*:4433/ ... ok > >   . Setting up the SSL/TLS structure... ok > >   . Waiting for a remote connection ... ok > >   . Performing the SSL/TLS handshake... ok > >     [ Protocol is TLSv1.2 ] > >     [ Ciphersuite is TLS-PSK-WITH-AES-128-GCM-SHA256 ] > >     [ Record expansion is 29 ] > >     [ Maximum fragment length is 16384 ] > >   . Verifying peer X.509 certificate... ok > >   < Read from client: 34 bytes read > >   > > GET / HTTP/1.0 > > Extra-header: > >   > >   > >   > Write to client: 144 bytes written in 1 fragments > >   > > HTTP/1.0 200 OK > > Content-Type: text/html > >   > > <h2>mbed TLS Test Server</h2> > > <p>Successful connection using: TLS-PSK-WITH-AES-128-GCM-SHA256</p> > >   > >  . Closing the connection... done > >   . Waiting for a remote connection ... > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > >   > > Thanks, > > Gopi Krishnan > >