Hello,
I’m using mbedTLS v3.1.0 and trying to make DTLS server (and using DTLS client as testing environments). Server and client are based on mbedTLS dtls_client/dtls_server examples.
If (server) certificate do not have CN field, client reports that X.509 certificate verify failed.
If I add server IP address (e.g. 1.2.3.4) to CN field, then client is able to verify the server certificate.
I would like to set IP address to SAN field, but mbedTLS reports for IP fields. DNS fields (at SAN field), mbedTLS shows correctly, but DNS names are not used in these systems.
So, how to add missing functionality to mbedTLS (or is it coming to mbedTLS in near future releases)?
If I search mbedTLS source code: MBEDTLS_X509_SAN_IP_ADDRESS: There’s no handlers (like for MBEDTLS_X509_SAN_DNS_NAME).
If IP address at SAN field is used, what should be set to CN field (when using mbedTLS) to that mbedTLS is happy? Should it be left out of certificate totally (I assume so)?