How to enable mbedTLS to validate certificates with RSA 1024?
When I use the command line "mbedtls_cert_app mode='file' filename=1.pem ca_file=ca.pem", mbedTLS fails to validate the certificate because its RSA key is too short (RSA 1024).
How can I enable mbedTLS to validate certificates with RSA 1024 on the command line?
The reason that a certificate signed with a 1024-bit key fails is, as you said, that the key is too short. A 1024-bit key is considered obsolete and not secure, so you should not encounter such certificates in real use cases.
In addition, our programs are for reference only and do not cover all functionality. If you wish to test your own certificate, signed with a 1024-bit key, you should replace the call for mbedtls_x509_crt_verify_with_profile and use your own profile as the input parameter, similar to mbedtls_x509_crt_profile_default, except that 1024 will be the minimal key size instead of 2048.
Mbed TLS Team member
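The profile idea from the answer above, as an added example (not code from the original post or from Mbed TLS): a simplified, self-contained model of how a verification profile's RSA minimum and hash allow-list apply to every certificate in a chain. The struct, function and flag names are hypothetical stand-ins and the hash list is an assumption; in real code the profile is the one passed to mbedtls_x509_crt_verify_with_profile.

```c
/* Simplified model of profile checks; names are hypothetical, not Mbed TLS identifiers. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum md_alg { MD_SHA1 = 1, MD_SHA256 = 2, MD_SHA512 = 3 };
#define MD_FLAG(id)  (1u << ((id) - 1))
#define FLAG_BAD_MD  0x1u   /* signature hash not allowed by the profile   */
#define FLAG_BAD_KEY 0x2u   /* RSA key shorter than the profile's minimum  */

struct profile {
    uint32_t allowed_mds;     /* bitmask of permitted signature hashes */
    uint32_t rsa_min_bitlen;  /* smallest RSA modulus accepted         */
};

struct cert {                 /* only the fields the profile inspects  */
    enum md_alg sig_md;
    uint32_t rsa_bits;
};

/* Stand-in for the default profile: RSA minimum 2048 (hash list is an assumption). */
static const struct profile profile_default = { MD_FLAG(MD_SHA256) | MD_FLAG(MD_SHA512), 2048 };
/* Same hash policy; only the RSA minimum is lowered to 1024. */
static const struct profile profile_rsa1024 = { MD_FLAG(MD_SHA256) | MD_FLAG(MD_SHA512), 1024 };

/* Check every certificate in the chain (leaf first) and OR the failures together. */
uint32_t check_chain(const struct profile *p, const struct cert *chain, size_t n)
{
    uint32_t flags = 0;
    for (size_t i = 0; i < n; i++) {
        if ((p->allowed_mds & MD_FLAG(chain[i].sig_md)) == 0)
            flags |= FLAG_BAD_MD;
        if (chain[i].rsa_bits < p->rsa_min_bitlen)
            flags |= FLAG_BAD_KEY;
    }
    return flags;
}

/* Constructed sample chains: { signature hash, RSA key bits }, leaf then CA. */
const struct cert chain_1024[]      = { { MD_SHA256, 1024 }, { MD_SHA256, 2048 } };
const struct cert chain_512[]       = { { MD_SHA256, 512 },  { MD_SHA256, 2048 } };
const struct cert chain_1024_sha1[] = { { MD_SHA1, 1024 },   { MD_SHA256, 2048 } };

int main(void)
{
    printf("default, 1024-bit leaf:      0x%x\n", (unsigned) check_chain(&profile_default, chain_1024, 2));
    printf("rsa1024, 1024-bit leaf:      0x%x\n", (unsigned) check_chain(&profile_rsa1024, chain_1024, 2));
    printf("rsa1024, 512-bit leaf:       0x%x\n", (unsigned) check_chain(&profile_rsa1024, chain_512, 2));
    printf("rsa1024, SHA-1 signed leaf:  0x%x\n", (unsigned) check_chain(&profile_rsa1024, chain_1024_sha1, 2));
    return 0;
}
```

Lowering only the RSA minimum leaves the hash restrictions in force, and the lowered minimum applies to every key in the chain, not just the leaf.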
Thank you for your answer!