commit 2d9e35927577ef4c602534b650d6cdfd5d4314ea
author Jens Alfke <jens@couchbase.com> Tue Oct 29 15:03:37 2019 -0700
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Tue Jan 24 10:56:55 2023 +0100
tree d32b1490b5299439a0f843d5afe11aa4a4a80721
parent 449bd8303eed8164b83682d2ce028dca0e49b1fa

Parsing v3 extensions from a CSR

A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

include/mbedtls/x509_csr.h

diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 50998c4..216a0a2 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -58,6 +58,10 @@
 
     mbedtls_pk_context pk;          /**< Container for the public key context. */
 
+    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
+    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+
     mbedtls_x509_buf sig_oid;
     mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
     mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */