I am trying to verify a certificate with the mbedtls_x509_crt_verify function. I can pass a list of trusted CAs with the “trust_ca”-parameter. My problem is that I also have a list of intermediate CAs which I do not trust but should be used to build the certificate chain. Something like the chain-parameter in the OpenSSL function X509_STORE_CTX_init. According to the documentation I can pass the certificate chain to the mbedtls_x509_crt_verify-function via the crt-parameter but is there a possibility to build that chain with a list of untrusted intermediate CAs?
Thank you very much