Server certificate validation - naSslSetCertVerify callback never called?

Hi all,

I’m currently evaluating the ConnectCore 9P 9215 with Net+OS 7.4.2, trying to build up an SSL connection (µC = client) with authentication and certificate validation on both sides.
As I have read in another thread, the client authentication has not been implemented yet? Is it planned for future releases?

Regarding server certificate validation, I use the naSslSetCertVerify function to activate the validation and configure the callback function:

int VerifyCertificatesCallback(int sock_fd, int error, const unsigned char * cert, int len)
{
   return 1;	
}

...

result = naSslSetCertVerify(hCertDB, &VerifyCertificatesCallback, SSL_CERTIFICATE_VERIFY_PEER);

Creating the certificate database and adding certificates (client cert, private key, root CA, intermediate CA) works flawlessly and naSslSetCertVerify returns SSL_SUCCESS.

Nevertheless, the callback function is never called and the server certificate verification fails. The client sends a TLS alert message “Bad certificate” to the server, which then resets the connection (see attached Wireshark screenshot).

When I skip the validation by setting SSL_CERTIFICATE_VERIFY_NONE in the naSslSetCertVerify function, the handshake works fine, and the connection is established and working without any problems.

Does anyone know why the callback is never called or the validation fails every time?

Thanks a lot,
Andreas

Update:
Verification of the server certificate works when the server certificate has been saved in the local certificate store with type SSL_CERTIFICATE_PEER (I assume the certificates are compared bitwise in that case?). When the server certificate is missing, the handshake fails.

I still have no clue why the callback function is not called; no one here who came across this?
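
Added example (not part of the original post and not Net+OS code): a callback with the same signature as the one posted above that accepts only a byte-identical pinned certificate, in contrast to a callback that returns 1 for every certificate. The names StrictVerifyCallback, cert_matches_pin and kPinnedCert are hypothetical, the pinned bytes are constructed, and the meaning of `error` (0 = the stack's own check passed) and of the return value (1 = accept, 0 = reject) are assumptions the post does not confirm.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the server certificate's DER bytes (not a real
 * certificate); a real build would embed the expected certificate here. */
static const unsigned char kPinnedCert[] = {
    0x30, 0x82, 0x01, 0x0a, 0x02, 0x01, 0x01, 0xde, 0xad, 0xbe, 0xef
};

/* Returns 1 only if the presented certificate is byte-identical to the pin. */
static int cert_matches_pin(const unsigned char *cert, int len)
{
    if (cert == NULL || len < 0 || (size_t)len != sizeof kPinnedCert)
        return 0;
    return memcmp(cert, kPinnedCert, sizeof kPinnedCert) == 0;
}

/* Same signature as the callback in the post.
 * Assumptions (not confirmed by the post): error == 0 means the stack's own
 * check passed, and a return value of 1 accepts while 0 rejects. */
int StrictVerifyCallback(int sock_fd, int error,
                         const unsigned char *cert, int len)
{
    (void)sock_fd;
    if (error != 0)
        return 0;           /* never override a failure the stack reported */
    return cert_matches_pin(cert, len);
}

int main(void)
{
    unsigned char altered[sizeof kPinnedCert];
    memcpy(altered, kPinnedCert, sizeof altered);
    altered[sizeof altered - 1] ^= 0x01;    /* one flipped bit */

    printf("pinned, no error : %d\n",
           StrictVerifyCallback(0, 0, kPinnedCert, (int)sizeof kPinnedCert));
    printf("pinned, error set: %d\n",
           StrictVerifyCallback(0, 1, kPinnedCert, (int)sizeof kPinnedCert));
    printf("altered, no error: %d\n",
           StrictVerifyCallback(0, 0, altered, (int)sizeof altered));
    return 0;
}
```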