Mbed forum

Certification verification failed only on target board

(Pozz Pozz) #1

In my application I’m using only DER formats (I undefined MBEDTLS_PEM_PARSE_C and MBEDTLS_PEM_WRITE_C). I also changed mbedtls_x509_crt_parse() to use mbedtls_x509_crt_parse_der_nocopy() instead of mbedtls_x509_crt_parse_der(). This is the only configuration that doesn’t run out of memory.

I can build the same code with the mingw compiler on a Windows computer and it works well. I can connect to the server (actually AWS) without problems.

What is strange is the behaviour on the target (ARM Cortex-M3). The handshake stops with the MBEDTLS_ERR_X509_CERT_VERIFY_FAILED error.

Considering they are the same code (except for the board-dependent functions, mainly the Ethernet driver), what could be the problem with the target board?


(Ron Eldor) #2

Hi @pozzugno
Considering both applications use the same code and configuration, I would guess you are running out of memory on your board, causing the verification process to fail.

  • Do you know the size of the certificate chain?
  • Are the certificates signed with RSA or ECDSA?
  • Do you have MBEDTLS_ECP_RESTARTABLE defined?

Mbed TLS Team member