diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 40b75a2b9..9f92ed6ac 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -385,8 +385,9 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
 * \param san The target structure to populate with the parsed presentation
 * of the subject alternative name encoded in \p san_raw.
 *
- * \note Only "dnsName", "uniformResourceIdentifier" and "otherName",
- * as defined in RFC 5280, is supported.
+ * \note Supported GeneralName types, as defined in RFC 5280:
+ * "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * of type "otherName", as defined in RFC 4108.
 *
 * \note This function should be called on a single raw data of
 * subject alternative name. For example, after successful
diff --git a/library/x509.c b/library/x509.c
index 9f0dc6253..b859df9d3 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1227,8 +1227,9 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
 * nameAssigner [0] DirectoryString OPTIONAL,
 * partyName [1] DirectoryString }
 *
- * NOTE: we list all types, but only use "dnsName", "otherName" and
- * "uniformResourceIdentifier", as defined in RFC 5280, at this point.
+ * We list all types, but use the following GeneralName types from RFC 5280:
+ * "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * of type "otherName", as defined in RFC 4108.
 */
 int mbedtls_x509_get_subject_alt_name(unsigned char **p,
 const unsigned char *end,
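Review bot: The new `\note` in include/mbedtls/x509.h quotes "hardware_module_name" next to the RFC 5280 field names, but that spelling is not an RFC identifier; RFC 4108 names the otherName type `id-on-hardwareModuleName`, with value type `HardwareModuleName`. The comment above mbedtls_x509_get_subject_alt_name in library/x509.c repeats the same wording. I would reword both to `"dnsName", "uniformResourceIdentifier", and "otherName" only when its type-id is id-on-hardwareModuleName (HardwareModuleName, RFC 4108)`. Since this note narrows what is supported, it should also say that a SAN entry of any other GeneralName type or otherName type-id is not parsed into \p san, so callers doing name checks must not treat such an entry as evaluated. Both comment blocks start and end outside the hunks, so I cannot see whether the return-value documentation already covers the unsupported case.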