Hello,
Is there a way to differentiate a user certificate from a CA certificate in mbedTLS?
Maybe a specific flag set in the mbedtls_x509_crt structure?
Thanks
Hi @Pokitoz
Thank you for your question.
I am not sure I follow you.
The CA certificate you set through mbedtls_ssl_conf_ca_chain() as a list of trusted CAs (https://github.com/ARMmbed/mbedtls/pull/2532 introduces a new way for setting the CA trusted certificates).
The device peer certificate is sent through the certificate handshake message, and stored (if MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is set) in the peer_cert member.
In addition, the mbedtls_x509_crt struct has a member ca_istrue.
Regards,
Mbed TLS Team member
Ron
Thanks for your answer @roneld01. I will have a look.
I am currently loading the CA certificate using mbedtls_x509_crt_parse and I wanted to make sure that I am not loading a user certificate for checking trusted certificates.
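
The ca_istrue member mentioned above reflects the cA flag of the certificate's basicConstraints extension (RFC 5280). As an added example that is not part of the thread and is not Mbed TLS code, this self-contained C decoder shows how that flag is read from the extension's DER value; the function name, result codes, and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Result codes (hypothetical names for this example). */
enum { BC_MALFORMED = -1, BC_NOT_CA = 0, BC_IS_CA = 1 };

/* Read a short-form DER length; a basicConstraints value is far below
 * 128 bytes, so long-form lengths are rejected here. */
static int der_len(const uint8_t **p, const uint8_t *end, size_t *len)
{
    if (*p >= end || **p >= 0x80) return -1;
    *len = *(*p)++;
    return (*len <= (size_t)(end - *p)) ? 0 : -1;
}

/* BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
 *                                 pathLenConstraint INTEGER OPTIONAL }
 * buf/len: DER bytes of the extension value. *pathlen is -1 when absent. */
int basic_constraints_is_ca(const uint8_t *buf, size_t len, int *pathlen)
{
    const uint8_t *p = buf, *end = buf + len;
    size_t n;
    int is_ca = BC_NOT_CA;          /* cA defaults to FALSE when omitted */
    *pathlen = -1;
    if (p >= end || *p++ != 0x30 || der_len(&p, end, &n) != 0 || p + n != end)
        return BC_MALFORMED;
    if (p < end && *p == 0x01) {    /* BOOLEAN cA */
        p++;
        if (der_len(&p, end, &n) != 0 || n != 1) return BC_MALFORMED;
        is_ca = (*p++ != 0) ? BC_IS_CA : BC_NOT_CA;
    }
    if (p < end) {                  /* INTEGER pathLenConstraint, 0..127 only */
        if (*p++ != 0x02 || der_len(&p, end, &n) != 0 || n != 1 || (*p & 0x80))
            return BC_MALFORMED;
        *pathlen = *p++;
    }
    return (p == end) ? is_ca : BC_MALFORMED;
}

/* Constructed sample values, not taken from real certificates. */
static const uint8_t BC_CA[]   = { 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x00 };
static const uint8_t BC_LEAF[] = { 0x30, 0x00 };              /* empty SEQUENCE */
static const uint8_t BC_BAD[]  = { 0x30, 0x03, 0x01, 0x01 };  /* truncated */

int main(void)
{
    int pl;
    return !(basic_constraints_is_ca(BC_CA, sizeof BC_CA, &pl) == BC_IS_CA &&
             basic_constraints_is_ca(BC_LEAF, sizeof BC_LEAF, &pl) == BC_NOT_CA &&
             basic_constraints_is_ca(BC_BAD, sizeof BC_BAD, &pl) == BC_MALFORMED);
}
```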