Read peer certificate from SSL context

Jordi_Enguidanos · September 20, 2022, 1:44pm

I have created a server with TLS and I need to read the certificate used by the client (the client code is also made by me). I have read that I can use the ssl.session->peer_cert object, but I get the message Certificate is uninitialised! when I use mbedtls_x509_crt_info. I have also defined the macro MBEDTLS_SSL_SSL_KEEP_PEER_CERTIFICATE.

Basically what I need is to validate the client certificate, check that the certificate issuer is trusted and the expiration date has not been reached or is close to being reached.

I am reading code and following breakponts in debugging, but if someone could shed some light I would appreciate it, I have just recently started with MbedTLS.

Jordi_Enguidanos · September 22, 2022, 6:26am

After hours of trial and error, I have learned a few things and have come to the conclusion that the approach I am taking in the question is not correct. Actually my client is not configured to send a leaf certificate, but a CA.

In Stack Overflow I have made the question in another way

Topic		Replies	Views
Mbedtls_pk_context handling Crypto and SSL questions	4	2165	December 16, 2018
Differenciate a CA and a user certificate Mbed TLS	2	366	April 9, 2019
Tracking mbedtls_ssl_states Crypto and SSL questions mbed_tls	3	526	June 16, 2019
Mbedtls_ssl_read() returns `MBEDTLS_ERR_NET INVALID_CONTEXT` Mbed TLS mbed_tls	2	1019	December 6, 2023
Program stops execution on the mbedtls_x509_crt_verify() call Mbed TLS mbed_tls	3	442	July 14, 2023

Read peer certificate from SSL context

Related Topics