mbedtls: ssl_tls.c x509_verify_cert()returned -9984 (-0x2700)

savages
Posts: 3
Joined: Thu Sep 21, 2023 5:44 pm

Postby savages » Thu Sep 21, 2023 8:26 pm

I am trying to use examples/https_request. I changed the server_root_cert.pem to my own CA root cert.
I created a server cert using an intermediate cert. CA root => intermediate cert => server cert.

The error -0x2700 is MBEDTLS_X509_BADCERT_CN_MISMATCH
https://forums.mbed.com/t/x509-verify-c ... x2700/4434

I have enabled mbedtls debug at level 4 in menuconfig, but the CN is not printed.

How do I compare the tw


Here is the new webserver info
/* Constants that aren't configurable in menuconfig */
#define WEB_SERVER "pidev.localnet"
#define WEB_PORT "1443"
#define WEB_URL "https://pidev.localnet:1443/index.html"


Here is the server cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            93:1a:fd:30:68:6b:d2:0b:a9:d9:42:56:3d:9e:2d:35
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: O = crmep, CN = crmep Intermediate CA
        Validity
            Not Before: Sep 21 16:21:33 2023 GMT
            Not After : Sep 22 16:21:33 2023 GMT
        Subject: CN = pidev.localnet
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b8:1b:21:66:8e:cc:19:b0:07:0a:e7:47:4d:
                    e2:a3:fc:fe:f5:6b:19:cf:26:bf:6d:f4:f5:30:99:
                    7a:87:f6:78:a7:66:a4:e7:ea:a1:aa:0a:6b:dc:a6:
                    91:80:ab:dc:25:4d:58:32:7f:94:08:39:e4:07:c6:
                    9b:5f:91:da:5c:de:ef:99:76:26:93:08:6e:77:a3:
                    1d:51:c6:b5:87:77:76:24:fa:7b:82:a6:72:53:77:
                    c3:d7:d2:29:51:b2:f7:20:37:e8:4b:22:a9:4c:e8:
                    d6:92:f0:cc:39:e3:ea:ff:6e:7f:e7:99:06:ab:2b:
                    80:3f:1d:2c:f5:6d:dd:0f:40:d1:9a:ee:95:63:80:
                    7f:3d:92:44:08:04:d7:37:bc:dc:f9:5f:9b:c2:b7:
                    06:b3:a1:a6:06:8b:57:b3:ea:63:dc:00:c3:ed:e1:
                    97:b5:a8:0e:41:0c:fc:8f:ac:53:cb:ad:39:f4:11:
                    de:f1:6a:2e:2f:bc:98:d7:eb:4d:2b:ff:06:a0:d6:
                    02:51:4a:d3:4c:b8:d0:71:44:a8:fc:0a:27:10:8c:
                    46:9a:a4:c4:e4:ea:83:a0:72:9c:b7:a3:b3:43:16:
                    ef:c9:55:e3:91:ef:fd:d0:76:5d:03:6e:54:9a:a1:
                    ce:a1:f4:9c:ce:65:45:5d:ab:17:16:a8:9d:28:ba:
                    36:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier:
                7A:D2:B7:AD:70:6E:6E:07:A6:01:3B:21:F4:8A:98:3E:21:79:F7:36
            X509v3 Authority Key Identifier:
                keyid:32:32:11:33:C7:33:06:CC:84:A4:12:85:31:C0:F2:55:43:12:5A:8C

            X509v3 Subject Alternative Name:
                DNS:pidev.localnet
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:5a:d9:84:8d:b1:9e:07:ce:48:85:d2:c0:d1:fc:
         80:42:11:3e:24:bb:d0:7c:a3:34:a8:85:57:c6:e9:d4:cc:f5:
         02:21:00:b3:68:83:4c:1a:50:8e:bf:80:cf:ab:3a:95:f7:3d:
         4c:da:c2:d6:ec:67:15:d4:04:42:07:b9:48:7b:05:1d:3b


debug output
I (5448) mbedtls: ssl_tls.c:3939 => handshake
I (5448) mbedtls: ssl_msg.c:2124 => flush output
I (5448) mbedtls: ssl_msg.c:2133 <= flush output
I (5458) mbedtls: ssl_tls.c:3859 client state: MBEDTLS_SSL_HELLO_REQUEST
I (5468) mbedtls: ssl_msg.c:2124 => flush output
I (5468) mbedtls: ssl_msg.c:2133 <= flush output
I (5478) mbedtls: ssl_tls.c:3859 client state: MBEDTLS_SSL_CLIENT_HELLO
I (5488) mbedtls: ssl_client.c:906 => write client hello
W (5488) mbedtls: ssl_client.c:258 got supported group(001d)
W (5498) mbedtls: ssl_client.c:258 got supported group(0017)
I (5508) mbedtls: ssl_msg.c:2554 => write handshake message
I (5508) mbedtls: ssl_msg.c:2714 => write record
I (5518) mbedtls: ssl_msg.c:2851 <= write record
I (5518) mbedtls: ssl_msg.c:2675 <= write handshake message
I (5528) mbedtls: ssl_client.c:994 <= write client hello
I (5528) mbedtls: ssl_msg.c:2124 => flush output
I (5538) mbedtls: ssl_msg.c:2138 message length: 214, out_left: 214
I (5548) mbedtls: ssl_msg.c:2145 ssl->f_send() returned 214 (-0xffffff2a)
I (5548) mbedtls: ssl_msg.c:2172 <= flush output
I (5558) mbedtls: ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_HELLO
I (5568) mbedtls: ssl_tls12_client.c:1195 => parse server hello
I (5568) mbedtls: ssl_msg.c:3887 => read record
I (5578) mbedtls: ssl_msg.c:1926 => fetch input
I (5588) mbedtls: ssl_msg.c:2066 in_left: 0, nb_want: 5
I (5588) mbedtls: ssl_msg.c:2086 in_left: 0, nb_want: 5
I (5598) mbedtls: ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (5608) mbedtls: ssl_msg.c:2111 <= fetch input
I (5608) mbedtls: ssl_msg.c:1926 => fetch input
I (5618) mbedtls: ssl_msg.c:2066 in_left: 5, nb_want: 90
I (5618) mbedtls: ssl_msg.c:2086 in_left: 5, nb_want: 90
I (5628) mbedtls: ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 85 (-0xffffffab)
I (5638) mbedtls: ssl_msg.c:2111 <= fetch input
I (5638) mbedtls: ssl_msg.c:3959 <= read record
I (5648) mbedtls: ssl_tls12_client.c:1446 server hello, total extension length: 9
I (5658) mbedtls: ssl_tls12_client.c:1660 <= parse server hello
I (5658) mbedtls: ssl_msg.c:2124 => flush output
I (5668) mbedtls: ssl_msg.c:2133 <= flush output
I (5668) mbedtls: ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
I (5678) mbedtls: ssl_tls.c:7559 => parse certificate
I (5688) mbedtls: ssl_msg.c:3887 => read record
I (5688) mbedtls: ssl_msg.c:1926 => fetch input
I (5698) mbedtls: ssl_msg.c:2066 in_left: 0, nb_want: 5
I (5698) mbedtls: ssl_msg.c:2086 in_left: 0, nb_want: 5
I (5708) mbedtls: ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (5718) mbedtls: ssl_msg.c:2111 <= fetch input
I (5718) mbedtls: ssl_msg.c:1926 => fetch input
I (5728) mbedtls: ssl_msg.c:2066 in_left: 5, nb_want: 692
I (5738) mbedtls: ssl_msg.c:2086 in_left: 5, nb_want: 692
I (5738) mbedtls: ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 687 (-0xfffffd51)
I (5748) mbedtls: ssl_msg.c:2111 <= fetch input
I (5758) mbedtls: ssl_msg.c:3959 <= read record
W (5768) mbedtls: ssl_tls.c:7378 x509_verify_cert() returned -9984 (-0x2700)
I (5768) mbedtls: ssl_msg.c:4868 => send alert message
I (5778) mbedtls: ssl_msg.c:2714 => write record
I (5778) mbedtls: ssl_msg.c:2124 => flush output
I (5788) mbedtls: ssl_msg.c:2138 message length: 7, out_left: 7
I (5788) mbedtls: ssl_msg.c:2145 ssl->f_send() returned 7 (-0xfffffff9)
I (5798) mbedtls: ssl_msg.c:2172 <= flush output
I (5808) mbedtls: ssl_msg.c:2851 <= write record
I (5808) mbedtls: ssl_msg.c:4880 <= send alert message
I (5818) mbedtls: ssl_tls.c:3950 <= handshake
E (5818) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (5828) esp-tls-mbedtls: Failed to verify peer certificate!
E (5838) esp-tls: Failed to open new connection
E (5838) example: Connection failed...
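Added example, not code from the post, from ESP-IDF or from mbedTLS. The practical point when debugging this log: -0x2700 is the generic MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, and the reason (CN/SAN mismatch, chain not reaching the trusted root, expiry or clock skew on a cert that is only valid for one day as shown above) is carried in the flag bitmask returned by mbedtls_ssl_get_verify_result() and printed by mbedtls_x509_crt_verify_info(). The block below decodes that bitmask using the MBEDTLS_X509_BADCERT_* / MBEDTLS_X509_BADCRL_* bit values from mbedtls/x509.h, and re-implements in Python the hostname comparison mbedTLS applies (SAN dNSName entries take precedence over the subject CN, case-insensitive, wildcard only as the leftmost label) so the WEB_SERVER value and the certificate's SAN/CN can be compared offline. The hostnames and flag values fed in are constructed from the certificate in the post; the REMEDIES text is the author's own summary.

```python
"""mbedTLS-style hostname matching and verify-flag decoding (added example)."""
from typing import List, Optional, Tuple

# Bit values of the MBEDTLS_X509_BADCERT_* / MBEDTLS_X509_BADCRL_* flags
# (mbedtls/x509.h); the verify result is an OR of these bits.
VERIFY_FLAGS = {
    0x000001: "MBEDTLS_X509_BADCERT_EXPIRED",
    0x000002: "MBEDTLS_X509_BADCERT_REVOKED",
    0x000004: "MBEDTLS_X509_BADCERT_CN_MISMATCH",
    0x000008: "MBEDTLS_X509_BADCERT_NOT_TRUSTED",
    0x000010: "MBEDTLS_X509_BADCRL_NOT_TRUSTED",
    0x000020: "MBEDTLS_X509_BADCRL_EXPIRED",
    0x000040: "MBEDTLS_X509_BADCERT_MISSING",
    0x000080: "MBEDTLS_X509_BADCERT_SKIP_VERIFY",
    0x000100: "MBEDTLS_X509_BADCERT_OTHER",
    0x000200: "MBEDTLS_X509_BADCERT_FUTURE",
    0x000400: "MBEDTLS_X509_BADCRL_FUTURE",
    0x000800: "MBEDTLS_X509_BADCERT_KEY_USAGE",
    0x001000: "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE",
    0x002000: "MBEDTLS_X509_BADCERT_NS_CERT_TYPE",
    0x004000: "MBEDTLS_X509_BADCERT_BAD_MD",
    0x008000: "MBEDTLS_X509_BADCERT_BAD_PK",
    0x010000: "MBEDTLS_X509_BADCERT_BAD_KEY",
    0x020000: "MBEDTLS_X509_BADCRL_BAD_MD",
    0x040000: "MBEDTLS_X509_BADCRL_BAD_PK",
    0x080000: "MBEDTLS_X509_BADCRL_BAD_KEY",
}

# Author's own one-line summaries of the usual cause for the bits seen in practice.
REMEDIES = {
    "MBEDTLS_X509_BADCERT_CN_MISMATCH": "hostname handed to mbedtls_ssl_set_hostname() is not in the SAN (or CN when no SAN)",
    "MBEDTLS_X509_BADCERT_NOT_TRUSTED": "chain does not reach the configured root: server must send the intermediate, root must match server_root_cert.pem",
    "MBEDTLS_X509_BADCERT_EXPIRED": "certificate expired (or device clock ahead of real time)",
    "MBEDTLS_X509_BADCERT_FUTURE": "certificate not yet valid (device clock not set, e.g. no SNTP sync)",
}


def _wildcard_match(hostname: str, pattern: str) -> bool:
    """Mirror of mbedTLS x509_check_wildcard(): pattern must begin with '*.'
    and the wildcard stands for exactly one leftmost label."""
    if len(pattern) < 3 or not pattern.startswith("*."):
        return False
    dot = hostname.find(".")
    if dot <= 0:  # no dot, or an empty first label: nothing for '*' to cover
        return False
    return hostname[dot:].lower() == pattern[1:].lower()


def name_matches(hostname: str, name: str) -> bool:
    """Mirror of mbedTLS x509_crt_check_cn(): exact case-insensitive or wildcard."""
    return hostname.lower() == name.lower() or _wildcard_match(hostname, name)


def check_hostname(hostname: str, san_dns: Optional[List[str]], subject_cn: Optional[str]) -> bool:
    """True if mbedTLS would accept the certificate for this hostname.
    When a SAN extension is present only its dNSName entries are consulted;
    the subject CN is used only for certificates without a SAN."""
    if san_dns is not None:
        return any(name_matches(hostname, n) for n in san_dns)
    return subject_cn is not None and name_matches(hostname, subject_cn)


def decode_verify_flags(flags: int) -> List[str]:
    """Expand the bitmask from mbedtls_ssl_get_verify_result() into flag names."""
    names = [name for bit, name in sorted(VERIFY_FLAGS.items()) if flags & bit]
    leftover = flags & ~sum(VERIFY_FLAGS)
    if leftover:
        names.append(f"UNKNOWN(0x{leftover:x})")
    return names


def explain(flags: int) -> List[Tuple[str, str]]:
    """Pair each set flag with the usual cause, for a quick read of the log."""
    return [(n, REMEDIES.get(n, "see mbedtls/x509.h")) for n in decode_verify_flags(flags)]


if __name__ == "__main__":
    # Constructed from the post: WEB_SERVER and the certificate's SAN / CN.
    print("hostname ok:", check_hostname("pidev.localnet", ["pidev.localnet"], "pidev.localnet"))
    # Constructed flag value: CN mismatch together with an untrusted chain.
    for name, why in explain(0x0C):
        print(f"{name}: {why}")
```

On the device, the same information comes from calling mbedtls_ssl_get_verify_result() on the ssl context after the failed handshake and feeding the result to mbedtls_x509_crt_verify_info(); the debug log alone only shows the aggregated -0x2700.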
