HI @dcorbin
Thank you for your query.
In order to get the public key from the certificate, I would first parse the certificate using mbedtls_x509_crt_parse(). The parsed certificate is stored as a mbedtls_x509_crt structure, which has a mbedtls_pk_context within.
This stucture can be used to verify yourhash using mbedtls_pk_verify().
I agree that it’s not good to access internal members of a struct, for ABI compatability, and for that we raised API to extract public key from parsed certificate · Issue #2294 · Mbed-TLS/mbedtls · GitHub, which already has an unmerged fix.
Regards,
Mbed TLS Support
Ron