ARMmbed

Mbedtls_x509_crt_verify 2700 on embedded platform

I am trying to validate one root CA and one intermediate CA signed by the root CA.

On a Linux PC it works fine, but on an ARM-based embedded platform the mbedtls_x509_crt_verify function returns -0x2700. What could possibly have gone wrong? Using valgrind, I profiled the memory utilization and found it to be 12 kb on heap and 16 kb on stack.

I configured my RTOS to have even more, like 32k for each, and I am still getting this error. What else could have gone wrong? Any help would be appreciated.

On Linux platform: parsing & verification success
On embedded platform: Parsing trusted cert & verify cert are successful, but verification failed with error return -0x2700 and flag 512.

#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include "mbedtls/x509_crt.h"

int main( void )
{
    int ret;
    uint32_t flags = 0;
    /* Certificate data supplied by preprocessor macros (definitions not shown) */
    uint8_t BufDEVICECert[] = DEVICE_RSA_CERT;
    uint8_t BufCaCert[] = ROOT_CA_RSA_CERT;

    mbedtls_x509_crt CtxDEVICECert;
    mbedtls_x509_crt CtxCaCert;

    mbedtls_x509_crt_init( &CtxDEVICECert );
    mbedtls_x509_crt_init( &CtxCaCert );

    printf( "Parsing DEVICE.Cert " );
    if( ( ret = mbedtls_x509_crt_parse( &CtxDEVICECert, BufDEVICECert,
                                        sizeof(BufDEVICECert) ) ) != 0 )
        printf( "ret-code: 0x%04x \r\n", (unsigned int) -ret );

    printf( "Parsing Ca.Cert " );
    if( ( ret = mbedtls_x509_crt_parse( &CtxCaCert, BufCaCert,
                                        sizeof(BufCaCert) ) ) != 0 )
        printf( "ret-code: 0x%04x \r\n", (unsigned int) -ret );

    printf( "Verify DEVICE.Cert " );
    /* On failure, flags receives the MBEDTLS_X509_BADCERT_xxx bits that explain it */
    ret = mbedtls_x509_crt_verify( &CtxDEVICECert, &CtxCaCert, NULL,
                                   NULL, &flags, NULL, NULL );
    printf( "ret-code: 0x%04x flags: 0x%08lx \r\n",
            (unsigned int) -ret, (unsigned long) flags );

    /* Release the parsed certificate chains */
    mbedtls_x509_crt_free( &CtxDEVICECert );
    mbedtls_x509_crt_free( &CtxCaCert );
    return ret;
}

Thanks,
Gopi Krishnan

Hi @gopi219
The flag 512 is 0x200 which is MBEDTLS_X509_BADCERT_FUTURE.
This probably means that the system time in your device is not set correctly.
Regards,
Mbed TLS Support
Ron
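
The check the answer points to, as an added example that is not part of the original thread or of Mbed TLS: it takes the verify flags, a certificate's notBefore and the device clock, and reports whether the failure is explained by a clock that is behind the certificate. `struct cert_time`, `diagnose_verify` and the sample dates are constructed for illustration; in a real build, Mbed TLS's own `mbedtls_x509_time_is_future()` does this comparison on the certificate's `valid_from` field.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Value of MBEDTLS_X509_BADCERT_FUTURE as quoted in the answer (512). */
#define BADCERT_FUTURE 0x0200u

/* Hypothetical stand-in for a certificate's notBefore fields, in UTC. */
struct cert_time { int year, mon, day, hour, min, sec; };

enum diagnosis { DIAG_OK, DIAG_CLOCK_BEHIND, DIAG_OTHER_FAILURE };

/* Order two timestamps field by field: <0 if a is earlier than b. */
static int cert_time_cmp(const struct cert_time *a, const struct cert_time *b)
{
    const int fa[] = { a->year, a->mon, a->day, a->hour, a->min, a->sec };
    const int fb[] = { b->year, b->mon, b->day, b->hour, b->min, b->sec };
    for (int i = 0; i < 6; i++)
        if (fa[i] != fb[i])
            return fa[i] < fb[i] ? -1 : 1;
    return 0;
}

/* Classify a verify result from its flags, notBefore and the device clock. */
enum diagnosis diagnose_verify(uint32_t flags,
                               const struct cert_time *not_before, time_t now)
{
    struct tm *utc = gmtime(&now);
    if (flags == 0)
        return DIAG_OK;
    if (!(flags & BADCERT_FUTURE) || utc == NULL)
        return DIAG_OTHER_FAILURE;
    struct cert_time cur = { utc->tm_year + 1900, utc->tm_mon + 1, utc->tm_mday,
                             utc->tm_hour, utc->tm_min, utc->tm_sec };
    return cert_time_cmp(&cur, not_before) < 0 ? DIAG_CLOCK_BEHIND
                                               : DIAG_OTHER_FAILURE;
}

int main(void)
{
    /* Constructed sample: notBefore of 2018-01-01, clock still at the epoch. */
    const struct cert_time not_before = { 2018, 1, 1, 0, 0, 0 };
    enum diagnosis d = diagnose_verify(512, &not_before, (time_t)0);
    printf("%s\n", d == DIAG_CLOCK_BEHIND ? "device clock is before notBefore"
                                          : "look at the other flags");
    return 0;
}
```

A device whose RTC was never set typically reports a time near the epoch, which is the case the constructed sample in `main` models.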