I have written TM4C bare-metal (no RTOS) firmware that works fine with mbedTLS 2.14.1, and I have a test case where a Client certificate is sent without the appropriate Client Key Usage. Using 2.14.1, the handshake completes but is rejected due to the missing Key Usage. So far, all is behaving as expected.
I have now upgraded to the mbedTLS 2.16.3 release, and this test case is failing. The symptom is that the handshake times out, and the Python test client doesn’t see the expected SSL failure it was receiving before.
As part of the upgrade, all existing config.h settings were merged into the new config.h, particularly important things like MBEDTLS_X509_CHECK_KEY_USAGE and MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE.
Does anyone have suggestions as to what might have changed? I doubt this is a bug in 2.16.3 - I assume that client key usage checking is fully functional. Perhaps there is a related setting that I missed that is somehow overriding this feature. Any clues where I should look, or how to debug this?