Hi @ all,
We discovered a bug in the Nordic TLS API, which only appears once a secure TCP connection that makes use of certificates is to be established.
The provided TLS example by Nordic only uses the pre-shared key (PSK) variant, and doesn't use certificates.
The bug is located in IoT_SDK_v0.9\components\iot\tls\mbedtls\tls_interface.c: Line 665:
int result = mbedtls_x509_crt_parse(p_interface->p_cacert,
p_settings->p_ca_cert_pem,
sizeof(p_settings->p_ca_cert_pem));
sizeof() is applied to p_settings->p_ca_cert_pem, which is a member of nrf_tls_key_settings_t struct and defined in ..\nrf_tls.h line 91. There it is of type (unsigned char *).
sizeof(p_settings->p_ca_cert_pem) therefore will always be 4, instead of the actual size of the CA certificate. Thus the CA certificate parsing will always fail.
The bug can be fixed by adding a CA certificate length variable to the nrf_tls_key_settings_t struct, as it is done for the own certificate in struct nrf_tls_certificate_t.
