libcoap DTLS seems to lack server chain file #1255

jrturner007 opened this issue Oct 15, 2023 · 1 comment

@jrturner007

The coap_dtls_pkey_t data structure seems to only support a server cert, the corresponding private key for the server cert, and a CA file to verify client certs. I don't see a file that contains the server "chain" that corresponds to the server cert. This type of file seems to be available in the coap_server_openssl example, but I can't find how to specify this for DTLS servers.

mrdeep1 (Collaborator) commented Oct 15, 2023

For PEM based files/memory data, this can include the entire CA chain of multiple certificates (multiple -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- blocks) should you require it for the CA definition. However, this does not work for ASN1 definitions (only a single CA certificate can be defined), and likewise for PKCS11 definitions.

The actual structure is coap_dtls_key_t that contains the union for defining how the different certificate types are accessed, which is a part of the coap_dtls_pki_t structure that is passed into the PKI setup logic (using coap_context_set_pki(3) or coap_new_client_session_pki(3) for clients).

In addition, there is coap_context_set_pki_root_cas(3).

It is worth looking at coap_endpoint_server(3).
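The reply above states a constraint that is easy to get wrong at deployment time: a PEM bundle may carry a whole chain, but an ASN.1 or PKCS11 key definition accepts exactly one certificate. The following is an added example (not libcoap's code and not from anyone in this thread) of a pre-flight check a server operator can run on a bundle before pointing a coap_dtls_key_t definition at it. It parses the PEM text, counts complete certificate blocks, rejects malformed input, and then reports whether that count is acceptable for the chosen key flavour. The enum `key_flavour_t`, the functions `count_pem_certs` and `bundle_fits_key_type`, and the placeholder certificate bodies in `SAMPLE_CHAIN` are all assumptions made for this example; they are not libcoap identifiers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the three key flavours discussed in the thread.
 * Assumption: these names are ours for illustration, not libcoap's enum. */
typedef enum { KEY_PEM, KEY_ASN1, KEY_PKCS11 } key_flavour_t;

static const char BEGIN_CERT[] = "-----BEGIN CERTIFICATE-----";
static const char END_CERT[]   = "-----END CERTIFICATE-----";

/* Constructed sample bundle: two certificate blocks with placeholder
 * bodies (not real base64), standing in for a leaf plus an intermediate. */
static const char SAMPLE_CHAIN[] =
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER-LEAF-CERT-BODY\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER-INTERMEDIATE-CERT-BODY\n"
    "-----END CERTIFICATE-----\n";

/* Count complete certificate blocks in a PEM buffer of length len.
 * Returns the number of BEGIN/END pairs, or -1 if the buffer is malformed:
 * an END without a BEGIN, a nested BEGIN, or a BEGIN that is never closed.
 * Handles LF and CRLF line endings and a missing final newline. */
int count_pem_certs(const char *buf, size_t len)
{
    int count = 0;
    int open = 0;
    const char *p = buf;
    const char *end = buf + len;

    while (p < end) {
        const char *line_end = memchr(p, '\n', (size_t)(end - p));
        size_t line_len = line_end ? (size_t)(line_end - p) : (size_t)(end - p);

        /* Strip a trailing '\r' so CRLF files compare equal to the markers. */
        if (line_len > 0 && p[line_len - 1] == '\r')
            line_len--;

        if (line_len == sizeof(BEGIN_CERT) - 1 &&
            memcmp(p, BEGIN_CERT, line_len) == 0) {
            if (open)
                return -1;          /* BEGIN inside an open block */
            open = 1;
        } else if (line_len == sizeof(END_CERT) - 1 &&
                   memcmp(p, END_CERT, line_len) == 0) {
            if (!open)
                return -1;          /* END with no matching BEGIN */
            open = 0;
            count++;
        }
        p = line_end ? line_end + 1 : end;
    }
    return open ? -1 : count;       /* unterminated block is malformed */
}

/* Apply the constraint from the thread: PEM may carry a whole chain,
 * ASN.1 and PKCS11 definitions take exactly one certificate.
 * Returns 1 if a bundle with n_certs certificates is acceptable, else 0. */
int bundle_fits_key_type(key_flavour_t flavour, int n_certs)
{
    if (n_certs < 1)                /* empty or malformed bundle never fits */
        return 0;
    switch (flavour) {
    case KEY_PEM:
        return 1;
    case KEY_ASN1:
    case KEY_PKCS11:
        return n_certs == 1;
    }
    return 0;
}

int main(void)
{
    int n = count_pem_certs(SAMPLE_CHAIN, sizeof(SAMPLE_CHAIN) - 1);

    printf("certificates in bundle: %d\n", n);
    printf("acceptable as PEM definition:    %s\n",
           bundle_fits_key_type(KEY_PEM, n) ? "yes" : "no");
    printf("acceptable as ASN.1 definition:  %s\n",
           bundle_fits_key_type(KEY_ASN1, n) ? "yes" : "no");
    printf("acceptable as PKCS11 definition: %s\n",
           bundle_fits_key_type(KEY_PKCS11, n) ? "yes" : "no");
    return 0;
}
```

Running this on the constructed two-certificate bundle reports that it is usable for a PEM definition but not for ASN.1 or PKCS11, which is the failure mode a server operator would otherwise only discover when the DTLS handshake does not present the expected chain. The same count can be taken on a file read into memory before it is handed to the PEM-buffer variant of coap_dtls_key_t.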
