
building ca chain -- duplicates

Jun 18, 2016 16:04

Here in 2.2.1, I build the ca chain on my client with some mbedtls_x509_crt_parse_file() and mbedtls_x509_crt_parse_path() applied to likely locations for the ca bundle, but thanks to symlinks I end up with four or five copies of each cert.

I'm trying to stick to the function interface as much as possible and not dig through data structures very much to minimize rewriting over time, but I haven't found anything to take care of this.

Jun 22, 2016 08:51
Paul Bakker

The solution would be to create a 'smarter' certificate chain builder that checks the chains for duplicates before adding them.

Not something currently on our roadmap.
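
One way to avoid the symlink duplicates described in this thread without walking the chain structure, shown as an added example (not code from the thread or from Mbed TLS): identify each candidate by the device/inode pair it resolves to and call the loader only once per underlying file. The names ca_loader, seen_set, ca_add_file, ca_add_dir, count_loader and demo_unique_loads are hypothetical, and the loader is assumed to return 0 on success.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_SEEN 1024
/* Hypothetical callback type; assumed to return 0 on success. */
typedef int (*ca_loader)(void *ctx, const char *path);
struct seen_set { dev_t dev[MAX_SEEN]; ino_t ino[MAX_SEEN]; size_t n; };

/* 1 = loaded; 0 = skipped (duplicate, not a regular file, load failed); -1 = set full. */
int ca_add_file(struct seen_set *s, const char *path, ca_loader load, void *ctx) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return 0; /* stat() follows symlinks */
    for (size_t i = 0; i < s->n; i++)
        if (s->dev[i] == st.st_dev && s->ino[i] == st.st_ino) return 0;
    if (s->n == MAX_SEEN) return -1;
    s->dev[s->n] = st.st_dev; s->ino[s->n++] = st.st_ino;
    return load(ctx, path) == 0;
}

/* Offers every entry of dir to ca_add_file(); returns how many were loaded. */
int ca_add_dir(struct seen_set *s, const char *dir, ca_loader load, void *ctx) {
    char path[4096]; int loaded = 0;
    struct dirent *e; DIR *d = opendir(dir);
    if (d == NULL) return 0;
    while ((e = readdir(d)) != NULL)
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) < (int)sizeof path
            && ca_add_file(s, path, load, ctx) > 0) loaded++;
    closedir(d);
    return loaded;
}

/* Stand-in loader for the demo: counts calls instead of parsing. */
static int count_loader(void *ctx, const char *path) { (void)path; ++*(int *)ctx; return 0; }

/* Constructed demo: one file plus a symlink to it, directory scanned twice. */
int demo_unique_loads(void) {
    char dir[] = "/tmp/cadedupXXXXXX", pem[64], lnk[64];
    struct seen_set seen = { .n = 0 }; int calls = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(pem, sizeof pem, "%s/root.pem", dir);
    snprintf(lnk, sizeof lnk, "%s/root-link.0", dir);
    FILE *f = fopen(pem, "w");
    if (f == NULL || fclose(f) != 0 || symlink("root.pem", lnk) != 0) return -1;
    for (int i = 0; i < 2; i++) ca_add_dir(&seen, dir, count_loader, &calls);
    ca_add_file(&seen, lnk, count_loader, &calls);
    unlink(lnk); unlink(pem); rmdir(dir);
    return calls;
}
```

In a client, the loader would be a thin wrapper around mbedtls_x509_crt_parse_file() with the chain passed as ctx. This catches only paths that resolve to the same file; a bundle that repeats a certificate also stored as a separate file is a different inode and still yields a duplicate.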