NetX TLS server with client authentication failed with error 0x20007

AGROFOGLIO Louis-Andre (SAFRAN) 40 Reputation points
2023-06-12T14:11:24.9733333+00:00

Hello

I am working to evaluate NetX for our product. My task is to set up a TLS server using NetX Secure and test it using OpenSSL.

Currently, the TLS server is running correctly using TLS 1.2 and TLS 1.3, both using ECC and RSA.

Now, I need to set up client authentication. The documentation isn't that clear, but I figured out I need to compile netx_secure with NX_SECURE_ENABLE_CLIENT_CERTIFICATE_VERIFY and NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES.

I followed the documentation:

  • add the client certificate using nx_secure_x509_certificate_initialize with NX_NULL in the privKey field, then add it using nx_secure_tls_trusted_certificate_add
  • nx_secure_tls_session_client_verify_enable during init (i.e., before nx_secure_tls_session_start)

All nx_* function calls return 0.

When I try to connect (with the correct certificate), nx_secure_tls_session_start fails with error code 0x20007 (NX_CRYPTO_PTR_ERROR).

More tests I've done:

  • connection with a non-matching certificate chain: error 0x18C (expected)
  • connection without giving a client certificate: error 0x132 (expected)

I also tried mixing TLS 1.2/1.3 and ECC/RSA and I have the same issue.

More info:

  • SSL command line: openssl s_client -port PORTNB -tls1_2 -cert clientCert.pem -key clientPrivKey.pem -CAfile serverCert.pem -verify_return_error IP
    OpenSSL returns an alert 80
  • Traffic seen by Wireshark (image)

Accepted answer
  1. LeelaRajeshSayana-MSFT 14,831 Reputation points Microsoft Employee
    2023-06-12T21:54:32.5233333+00:00

    Hi @AGROFOGLIO Louis-Andre (SAFRAN), greetings! Welcome to the Microsoft Q&A forum. Thank you for posting the question here.

    I would like to check if you got a chance to review the article Installation and use of Azure RTOS NetX Secure. The article provides sample files on How to use NetX Secure with NetX. I appreciate it if you can go through the samples provided and let us know if that helps.

    Please do not hesitate to reach out to us if you run into any issues or need further assistance.

