Arm Mbed OS support forum

Mbedtls_x509_crt_verify fails while verifying self-signed CA

Hey All,

A very happy new year!!

I have a certificate chain containing device certificate and a self-signed CA certificate. I’m trying to verify device certificate against this CA. for verification I’m using mbedtls_x509_crt_verify API.
While verifying I am getting this error with self-signed CA.

If I verify the same certificate using openssl command IT works.

openssl verify -verbose -show_chain -CAfile test_cacrt.pem test_crt.pem 
test_crt.pem: OK
Chain:
Depth=0:
Depth=1:

As stated here.

So, I set basic constraints : CA=true and then tried performing verification again and in that case It worked. But I’m not sure if it is the valid solution as per mbedtls API document.

Could anyone please explain me what could be the proper solution for this issue?

Thanks.