Well, the thing is I want to change the default SSL provider on Android. Now, CyaSSL looks like something I could use, but on x86 (I'm simulating the behavior first), I cannot make the examples work with my server.
The binaries client/server will communicate just fine, but client/apache always fails when the server verifies the identity of the client. So the communication is fine, but the content is not.
Using Wireshark, I can see something like this:
TLSv1.2 Application data
TLSv1.2 Encrypted Handshake Message
TLSv1.2 Encrypted Alert
Looking at the content of the last frame, I can see the alert is 21. Looking at the TLS RFC, this alert means "decryption_failed(21)". So basically, the encryption client side always fails.
I've taken a look at the code but I don't see anything too strange. Not sure why it wouldn't work.
Tried my own certs (which work with a browser or Java code)
Tried yassl certs from certs folder
Apache 2.4.3 with OpenSSL 1.0.1c
(before I was using Apache 2.x/OSSL 0.9.8k but upgraded just in case OSSL was the failure)
Edit: also, I confirm that I was looking at the right function from internal.c. But scratch my early comments on this function; they're mostly wrong.
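
An added example, not part of the original post and not CyaSSL code: a small TLS record parser run over constructed bytes, showing the two places the number 21 appears on the wire (record content type 21 is alert; alert description 21 is decryption_failed) and that an alert's level and description are readable only when the record is unprotected. `parse_records` and the sample byte strings are hypothetical names and data made up for this illustration.

```python
import struct

# Record content types and a subset of alert descriptions (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 21: "decryption_failed",
                      40: "handshake_failure", 42: "bad_certificate",
                      48: "unknown_ca", 51: "decrypt_error"}


def parse_records(stream, encrypted=False):
    """Split one direction of a TLS byte stream into records.

    `encrypted` says whether ChangeCipherSpec was already sent in this
    direction before the first byte of `stream`.
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % offset)
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
               "version": (major, minor), "length": length,
               "encrypted": encrypted, "alert": None}
        if ctype == 21 and not encrypted and length == 2:
            # Only a plaintext alert exposes its (level, description) pair.
            rec["alert"] = (ALERT_LEVELS.get(body[0], body[0]),
                            ALERT_DESCRIPTIONS.get(body[1], body[1]))
        if ctype == 20:
            encrypted = True  # every later record in this direction is ciphertext
        records.append(rec)
        offset += 5 + length
    return records


# Constructed sample: three protected TLS 1.2 records (zero-filled ciphertext
# placeholders) in the order of the frame list above.
PROTECTED = (bytes.fromhex("1703030020") + bytes(32)
             + bytes.fromhex("1603030028") + bytes(40)
             + bytes.fromhex("150303001a") + bytes(26))
# Constructed sample: an unprotected alert record, fatal / description 21.
PLAINTEXT_ALERT = bytes.fromhex("15030300020215")

if __name__ == "__main__":
    for rec in parse_records(PROTECTED, encrypted=True) + parse_records(PLAINTEXT_ALERT):
        print(rec)
```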