Hi,
I am working on porting AWS FreeRTOS to a new platform; I referred to the FreeRTOS programming guide to do that.
Now my issue is, I'm facing a certificate parsing error in mbedtls_x509_crt_parse(): MBEDTLS_ERR_X509_INVALID_FORMAT (-2108), in the function call while performing TLS_Connect() in the iot_tls.c file. The Mbedtls version string is "mbed TLS 2.16.0".
After debugging I enabled the MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION macros, but still no luck.
I created a certificate with the one-click method from the AWS console and then used the tools/certificate_configuration/CertificateConfigurator.html tool to get a FreeRTOS-supported aws_clientcredential_keys.h file and replaced it in my code.
(Not able to attach files here)
Also, if I apply the Linux parse command with OpenSSL,
openssl x509 -in x.y.z-certificate.pem.crt -text -noout
it shows the output with no error.
The above is a certificate generated by AWS CertificateConfigurator.html.
I performed the same with the on-board key generation method also.
It is being used to save in NV memory, i.e. Trust M (we have used the HSM model), with vDevModeKeyProvisioning(), and I don't see any errors here.
After this call, it begins communication, and in doing so it creates a socket (which is okay), then it tries to connect (socket_connect).
This call in turn calls TLS_connect, where it performs handshaking at an early stage, but before that it parses this certificate after reading it into RAM from NV memory (Trust M) using the prvReadCertificateIntoContext() call, and fails in mbedtls_x509_crt_parse() with the above-mentioned error.
On further deep debugging I found that the mbedtls_asn1_get_tag() function is returning MBEDTLS_ERR_ASN1_OUT_OF_DATA.
Can you try swapping out the calls into PKCS #11, and instead directly try to parse the keyCLIENT_CERTIFICATE_PEM macro, and see if that works as expected?
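Whether the certificate is read back from the Trust M slot or taken straight from the keyCLIENT_CERTIFICATE_PEM macro, the symptom in the question (MBEDTLS_ERR_X509_INVALID_FORMAT with mbedtls_asn1_get_tag() reporting MBEDTLS_ERR_ASN1_OUT_OF_DATA) comes from the bytes and the length handed to mbedtls_x509_crt_parse(). The check below is an added example, not code from this thread, FreeRTOS or mbed TLS, and it has no mbed TLS dependency so it can run on a host. It assumes mbed TLS 2.16 behaviour: the PEM path is taken only when buflen includes the terminating NUL and the "-----BEGIN CERTIFICATE-----" header is present, otherwise the buffer is parsed as DER, and a DER outer SEQUENCE whose length exceeds the buffer is exactly what produces OUT_OF_DATA. The sample bytes are constructed, and check_long_form is a hypothetical helper modelling a fixed-size NV slot read back with the wrong length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classification of a certificate buffer as mbed TLS 2.16 would see it. */
enum cert_buf_state {
    CERT_BUF_UNKNOWN = 0,    /* neither PEM text nor a DER SEQUENCE */
    CERT_BUF_PEM_OK,         /* PEM header present and buffer ends in '\0' */
    CERT_BUF_PEM_NO_NUL,     /* PEM text without the NUL mbed TLS needs in buflen */
    CERT_BUF_DER_OK,         /* outer SEQUENCE length matches the buffer exactly */
    CERT_BUF_DER_TRUNCATED,  /* outer SEQUENCE longer than the buffer: OUT_OF_DATA */
    CERT_BUF_DER_TRAILING    /* outer SEQUENCE shorter than the buffer: wrong length passed */
};

/* Decode the outer DER header "30 <length>" and store header + content size in
 * *total.  Returns 0 on success, -1 if the buffer does not start with a
 * constructed SEQUENCE, -2 if the length field itself is cut off, -3 if the
 * length is not valid DER (indefinite, non-minimal or too large). */
static int der_sequence_total_len(const unsigned char *buf, size_t len, size_t *total)
{
    size_t i, n, content = 0;

    if (len == 0 || buf[0] != 0x30)
        return -1;
    if (len < 2)
        return -2;
    if (buf[1] < 0x80) {                 /* short form: one length byte */
        *total = 2 + buf[1];
        return 0;
    }
    n = buf[1] & 0x7F;                   /* long form: n length bytes follow */
    if (n == 0 || n > sizeof(size_t))
        return -3;
    if (len < 2 + n)
        return -2;
    for (i = 0; i < n; i++)
        content = (content << 8) | buf[2 + i];
    if ((n == 1 && content < 0x80) || (n > 1 && buf[2] == 0x00))
        return -3;                       /* DER requires the minimal encoding */
    if (content > SIZE_MAX - 2 - n)
        return -3;
    *total = 2 + n + content;
    return 0;
}

/* Plain substring search over a byte buffer (memmem() is not standard C). */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle), i;

    if (len < n)
        return 0;
    for (i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Classify the buffer before calling mbedtls_x509_crt_parse(chain, buf, len). */
enum cert_buf_state check_cert_buffer(const unsigned char *buf, size_t len)
{
    size_t total = 0;
    int rc;

    if (len == 0)
        return CERT_BUF_UNKNOWN;
    if (contains(buf, len, "-----BEGIN CERTIFICATE-----"))
        return buf[len - 1] == '\0' ? CERT_BUF_PEM_OK : CERT_BUF_PEM_NO_NUL;
    rc = der_sequence_total_len(buf, len, &total);
    if (rc == -1 || rc == -3)
        return CERT_BUF_UNKNOWN;
    if (rc == -2 || total > len)
        return CERT_BUF_DER_TRUNCATED;
    return total == len ? CERT_BUF_DER_OK : CERT_BUF_DER_TRAILING;
}

/* Constructed samples, not real certificates: a tiny DER SEQUENCE holding two
 * INTEGERs, and a PEM-looking blob with placeholder base64. */
static const unsigned char sample_der[] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02 };
static const char sample_pem[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";

/* Hypothetical NV-slot model: a 260-byte SEQUENCE with a long-form length
 * (30 82 01 00 + 256 bytes) plus 4 bytes of slot padding; classify the first
 * pass_len bytes, as if the slot were read back with that length. */
enum cert_buf_state check_long_form(size_t pass_len)
{
    unsigned char slot[264];

    memset(slot, 0x00, sizeof slot);
    slot[0] = 0x30; slot[1] = 0x82; slot[2] = 0x01; slot[3] = 0x00;
    if (pass_len > sizeof slot)
        pass_len = sizeof slot;
    return check_cert_buffer(slot, pass_len);
}

int main(void)
{
    static const char *names[] = { "UNKNOWN", "PEM_OK", "PEM_NO_NUL",
                                   "DER_OK", "DER_TRUNCATED", "DER_TRAILING" };
    printf("full DER     : %s\n", names[check_cert_buffer(sample_der, sizeof sample_der)]);
    printf("short read   : %s\n", names[check_cert_buffer(sample_der, sizeof sample_der - 2)]);
    printf("PEM with NUL : %s\n", names[check_cert_buffer((const unsigned char *)sample_pem, sizeof sample_pem)]);
    printf("PEM no NUL   : %s\n", names[check_cert_buffer((const unsigned char *)sample_pem, sizeof sample_pem - 1)]);
    printf("slot 259 B   : %s\n", names[check_long_form(259)]);
    printf("slot 264 B   : %s\n", names[check_long_form(264)]);
    return 0;
}
```

Running this against the buffer prvReadCertificateIntoContext() fills, with the same length that is then passed to mbedtls_x509_crt_parse(), separates the three usual causes: a PEM string whose NUL was not counted (or was dropped when stored), a DER blob cut short by the NV read, and a slot length that is not the certificate's own length.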