Failing to connect to https servers with esp_mbedtls #120

@gustavowd

Hello,
First of all I would like to thank you for this amazing project.

I used reqwless to access https://www.google.com and https://worldtimeapi.org/api/timezone/America/Sao_Paulo.txt.

With the embedded-tls feature everything worked, using the following TLS configuration:

    let tls_config = TlsConfig::new(
        seed,
        &mut self.read_record_buffer,
        &mut self.write_record_buffer,
        TlsVerify::None,
    );

In other words, without using any license or private key.

However, when I try to make the same request with the esp-mbedtls feature I get the following errors:

WARN - 1 (/home/ivan/dev/esp-mbedtls/esp-mbedtls-sys/mbedtls/library/ssl_tls13_client.c:1991) Switch to handshake keys for inbound traffic
WARN - 1 (/home/ivan/dev/esp-mbedtls/esp-mbedtls-sys/mbedtls/library/ssl_msg.c:4771) Ignore ChangeCipherSpec in TLS 1.3 compatibility mode
WARN - 1 (/home/ivan/dev/esp-mbedtls/esp-mbedtls-sys/mbedtls/library/ssl_tls13_generic.c:653) x509_verify_cert() returned -9984 (-0x2700)
WARN - MbedTLS error: -9984 / ffffd900

The configuration of certificates and private keys looked like this:

    let tls_config = TlsConfig::new(
        reqwless::TlsVersion::Tls1_2,
        reqwless::Certificates {
            ca_chain: None,
            certificate: None,
            private_key: None,
            password: None,
        },
        self.tls.reference(), // Will use hardware acceleration
    );

Any ideas about this?
