Hello WolfSsl community,

We're using WolfSsl 5.8.0 as TLS client on a simply MCU which is very limited on
memory space and less limited on program/flash space.

Because of this, and for several other reasons as well, I do not want to use
wolfSSL_CTX_load_verify_buffer_ex(... format=SSL_FILETYPE_ASN1, userChain=1 ...)
to load all root CA certificates to be able to verify the server certificate chain (SSL_VERIFY_PEER).

Btw. https://curl.se/docs/caextract.html shows there are >100 root CA certificates to have
in the system "local trust store". Some of them aren't relevant, but I guess maybe 50-80 ones
are (the system is quite generic and used internationally).

So, I thought about and implemented "on-demand root CA certificate loading".
It works as follows:

1. create an SKI-indexed list of (the most important) root CA certificates in DER format
2. the list will be part of the FW-image which resides on flash (and on MCU program flash during execution)
3. GetCA will be changed to search the list, add a certificate with wolfSSL_CTX_load_verify_buffer and try again (=2nd attempt) if the cert. can not be found the 1st attempt.

Since it is an SKI (Subject Key Identifier) indexed list and an SKI is assumed to be 20 bytes
the limitations are obvious. There is no support for certificates without SKI and/or truncated SKI.
I believe this is acceptable.

I'd like to ask: is there anything fundamentally wrong with the above concept?

Thanks for your thoughts!