Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions
Expose flag for critical extensions
This commit is contained in:
commit
6d84e917bb
4 changed files with 18 additions and 3 deletions
3
ChangeLog.d/issue4055.txt
Normal file
3
ChangeLog.d/issue4055.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
API changes
|
||||
* The function mbedtls_x509write_csr_set_extension() has an extra parameter
|
||||
which allows to mark an extension as critical. Fixes #4055.
|
9
docs/3.0-migration-guide.d/csr-add-critical-extension.md
Normal file
9
docs/3.0-migration-guide.d/csr-add-critical-extension.md
Normal file
|
@ -0,0 +1,9 @@
|
|||
Change the API to allow adding critical extensions to CSRs
|
||||
------------------------------------------------------------------
|
||||
|
||||
This affects applications that call the `mbedtls_x509write_csr_set_extension`
|
||||
function.
|
||||
|
||||
The API is changed to include the parameter `critical` which allow to mark an
|
||||
extension included in a CSR as critical. To get the previous behaviour pass
|
||||
`0`.
|
|
@ -235,6 +235,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
|
|||
* \param ctx CSR context to use
|
||||
* \param oid OID of the extension
|
||||
* \param oid_len length of the OID
|
||||
* \param critical Set to 1 to mark the extension as critical, 0 otherwise.
|
||||
* \param val value of the extension OCTET STRING
|
||||
* \param val_len length of the value data
|
||||
*
|
||||
|
@ -242,6 +243,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
|
|||
*/
|
||||
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
|
||||
const char *oid, size_t oid_len,
|
||||
int critical,
|
||||
const unsigned char *val, size_t val_len );
|
||||
|
||||
/**
|
||||
|
|
|
@ -83,10 +83,11 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
|
|||
|
||||
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
|
||||
const char *oid, size_t oid_len,
|
||||
int critical,
|
||||
const unsigned char *val, size_t val_len )
|
||||
{
|
||||
return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
|
||||
0, val, val_len );
|
||||
critical, val, val_len );
|
||||
}
|
||||
|
||||
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
|
||||
|
@ -103,7 +104,7 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch
|
|||
|
||||
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
|
||||
c, (size_t)ret );
|
||||
0, c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -125,7 +126,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
|
|||
|
||||
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
|
||||
c, (size_t)ret );
|
||||
0, c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
Loading…
Reference in a new issue