Using the sample applications tlsclienthello and tlssimple server I set the tlsclienthello to use TLS 1.3 on line 104 and when I ran the application it all worked fine, except validate_certificate() was not called. After debuging the application I found that CHECK_SIZE on line 6766 fails in the function tls_parse_certificate() which results in no certificates being loaded into the context. The value in size_of_all_certificates is 1 greater than buf_len - res so it fails with a need more data error. I changed the way the validation is done with the following code which ends up loading the certificates.

int size = size_of_all_certificates;

#ifdef WITH_TLS_13
if ((context->version == TLS_V13) || (context->version == DTLS_V13)) {
int context_size = buf[res];
res++;
size--;
// must be 0
if (context_size)
res += context_size;
}
#endif

CHECK_SIZE(size, buf_len - res, TLS_NEED_MORE_DATA);

After the call to tls_parse_certificate() completes I had to change the function tls_parse_payload() as follows because certificate_verify() was not called due to context->is_server being 0.

#ifdef WITH_TLS_13
if ((context->version == TLS_V13) || (context->version == DTLS_V13)) {
if (context->connection_status == 2) {
payload_res = tls_parse_certificate(context, buf + 1, payload_size, context->is_server);
if (context->is_server) {
if ((certificate_verify) && (context->client_certificates_count))
certificate_verify_alert = certificate_verify(context, context->client_certificates, context->client_certificates_count);
// empty certificates are permitted for client
if (payload_res <= 0)
payload_res = 1;
}
else {
if ((certificate_verify) && (context->certificates_count))
certificate_verify_alert = certificate_verify(context, context->certificates, context->certificates_count);
}
} else
payload_res = TLS_UNEXPECTED_MESSAGE;
} else
#endif

Thank you, it should be fine now.