x509_verify_cert() Return 0x2700
I have a mqtt server. When I try to make a secure connection to this server via websocket, I get the following error. I am using certbot certificate on the server.
F:/ThirtParty/mbedtls-2.4.2/library/ssl_tls.c Line : 4454 x509_verify_cert() returned -9984 (-0x2700)
From the log and error, I believe that the error is caused by a failure in
It could be either because:
/* Parent must be the issuer */ if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) return( -1 );
if( need_ca_bit && ! parent->ca_istrue ) return( -1 );
Note in your log you have th line: "basic constraints : CA=false" which means
In addition, from certbot user guide: "
cert.pem contains the server certificate by itself, and
chain.pem contains the additional intermediate certificate or certificates that web browsers will need in order to validate the server certificate. If you provide one of these files to your web server, you must provide both of them, or some browsers will show “This Connection is Untrusted” errors for your site, some of the time"
Please verify you have a proper trusted ca, or a parent upwards in the certificate chain
mbed TLS Team member
I have defined it in the config.h file. #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
The handshake succeeded after this operation.
Yes, this would be another reason for failure