From 64937856e07a7fc611bfd48ce30e8abd0e727406 Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Mon, 15 Aug 2022 14:12:25 +0100
Subject: [PATCH] Correct order of extended key usage attributes

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 programs/x509/cert_write.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index d1c716b8a..2f51e19c8 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -445,13 +445,14 @@ int main( int argc, char *argv[] )
         }
         else if( strcmp( p, "ext_key_usage" ) == 0 )
         {
+            mbedtls_asn1_sequence **tail = &opt.ext_key_usage;
+
             while( q != NULL )
             {
                 if( ( r = strchr( q, ',' ) ) != NULL )
                     *r++ = '\0';
 
                 ext_key_usage = mbedtls_calloc( 1, sizeof(mbedtls_asn1_sequence) );
-                ext_key_usage->next = opt.ext_key_usage;
                 ext_key_usage->buf.tag = MBEDTLS_ASN1_OID;
                 if( strcmp( q, "serverAuth" ) == 0 )
                     SET_OID( ext_key_usage->buf, MBEDTLS_OID_SERVER_AUTH );
@@ -467,7 +468,9 @@ int main( int argc, char *argv[] )
                     SET_OID( ext_key_usage->buf, MBEDTLS_OID_OCSP_SIGNING );
                 else
                     goto usage;
-                opt.ext_key_usage = ext_key_usage;
+
+                *tail = ext_key_usage;
+                tail = &ext_key_usage->next;
 
                 q = r;
             }