MBEDTLS_SSL_KEEP_PEER_CERTIFICATE macro
\def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE This option controls the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake. Unless you need mbedtls_ssl_peer_cert() in your application, it is recommended to disable this option for reduced RAM usage. Comment this macro to disable storing the peer's certificate after the handshake.
Syntax
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
Notes
If this option is disabled, mbedtls_ssl_get_peer_cert() is still defined, but always returns \c NULL. This option has no influence on the protection against the triple handshake attack. Even if it is disabled, Mbed TLS will still ensure that certificates do not change during renegotiation, for example by keeping a hash of the peer's certificate. This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.