Error reading DER formatted tc.key file with mbedtls 3.6.4 #212

@mgrubertirol

Hello!

I used this patch to build basicstation with mbedtls 3.6.4 on OpenWRT 24.10:

https://github.com/openwrt/packages/blob/master/net/basicstation/patches/001-build-with-mbedtls-3.x.patch

On Amazon IOT I get this, after cups does an update of the tc.* files:

2025-08-21 14:21:54.076 [CUP:INFO] Interaction with CUPS done (no updates) - next regular check in 1d
2025-08-21 14:21:54.076 [TCE:INFO] Starting TC engine
2025-08-21 14:21:54.077 [AIO:INFO] /etc/station/tc.trust:
cert. version : 3
serial number : A7:0E:4A:4C:34:82:B7:7F
issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued on : 2009-09-02 00:00:00
expires on : 2034-06-28 17:39:16
signed using : RSA with SHA-256
RSA key size : 2048
2025-08-21 14:21:54.077 [any:ERRO] Parsing key: PK - Invalid key tag or value
2025-08-21 14:21:54.077 [AIO:ERRO] tc key/cert rejected by MBedTLS
2025-08-21 14:30:05.181 [TCE:INFO] Router rejected or retry limit reached. Invoking CUPS.
2025-08-21 14:30:05.181 [TCE:INFO] Terminating TC engine
2025-08-21 14:30:05.181 [CUP:INFO] Starting a CUPS session in 60 seconds.

A file command on these files gives me:

tc.crt: Certificate, Version=3
tc.key: DER Encoded Key Pair, 2048 bits
tc.trust: Certificate, Version=3, Serial=00a70e4a4c3482b77f
tc.uri: ASCII text, with no line terminators

The cups.* files are from AWS IOT and come in PEM file format. Is there a problem now with parsing a DER formatted key file, which is updated from basicstation? Has someone an idea what is wrong or what I can do? With mbedtls 2.x it worked!

thx regards manfred
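
A diagnostic for the question above, added here as an example and not part of the original post or of basicstation or Mbed TLS: it reports which ASN.1 container a key file such as tc.key holds (PEM, PKCS#1, PKCS#8 or SEC1) and how many bytes trail the outer SEQUENCE. The function names and sample byte strings are constructed for illustration.

```python
# Added diagnostic example: inspects only the outer ASN.1 structure of a key file.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def classify_key(data):
    """Return (container, trailing_bytes) for a key file's contents."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM", 0
    tag, start, end = read_tlv(data, 0)
    if tag != 0x30:
        return "not DER (no outer SEQUENCE)", 0
    trailing = len(data) - end            # bytes after the outer SEQUENCE
    t1, s1, e1 = read_tlv(data, start)
    if t1 == 0x30:                        # SEQUENCE first: encrypted PKCS#8
        return "PKCS#8 EncryptedPrivateKeyInfo", trailing
    if t1 != 0x02:                        # every plain form starts with a version
        return "unknown", trailing
    version = int.from_bytes(data[s1:e1], "big")
    t2, _, _ = read_tlv(data, e1)
    if t2 == 0x30:                        # version, then AlgorithmIdentifier
        kind = "PKCS#8 PrivateKeyInfo"
    elif t2 == 0x02 and version == 0:     # version 0, then modulus INTEGER
        kind = "PKCS#1 RSAPrivateKey"
    elif t2 == 0x04 and version == 1:     # version 1, then key OCTET STRING
        kind = "SEC1 ECPrivateKey"
    else:
        kind = "unknown"
    return kind, trailing

# Constructed minimal samples (structure only, not real keys).
PKCS1_SAMPLE = bytes.fromhex("3006020100020105")
PKCS8_SAMPLE = bytes.fromhex("300c020100300306012a04020000")
SEC1_SAMPLE = bytes.fromhex("30070201010402aabb")
```

Pass the raw bytes of the key file to `classify_key`, for example `classify_key(open("tc.key", "rb").read())`; a non-zero second value means the file is longer than the DER structure it contains.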
