From 81b0b89a34eed11d7e5c3136d1f620d24e41e6f8 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Thu, 16 Feb 2023 06:55:10 -0500
Subject: [PATCH] Clarify comments on subjectAltName types

Signed-off-by: Andrzej Kurek
---
 include/mbedtls/x509.h | 5 +++--
 library/x509.c | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 40b75a2b9..9f92ed6ac 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -385,8 +385,9 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
  * \param san The target structure to populate with the parsed presentation
  * of the subject alternative name encoded in \p san_raw.
  *
- * \note Only "dnsName", "uniformResourceIdentifier" and "otherName",
- * as defined in RFC 5280, is supported.
+ * \note Supported GeneralName types, as defined in RFC 5280:
+ * "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * of type "otherName", as defined in RFC 4108.
  *
  * \note This function should be called on a single raw data of
  * subject alternative name. For example, after successful
diff --git a/library/x509.c b/library/x509.c
index 9f0dc6253..b859df9d3 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1227,8 +1227,9 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
  * nameAssigner [0] DirectoryString OPTIONAL,
  * partyName [1] DirectoryString }
  *
- * NOTE: we list all types, but only use "dnsName", "otherName" and
- * "uniformResourceIdentifier", as defined in RFC 5280, at this point.
+ * We list all types, but use the following GeneralName types from RFC 5280:
+ * "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * of type "otherName", as defined in RFC 4108.
  */
 int mbedtls_x509_get_subject_alt_name(unsigned char **p,
 const unsigned char *end,
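Review bot: The new `\note` in include/mbedtls/x509.h still reads ambiguously, because the trailing "as defined in RFC 4108" can be taken to qualify all three names. The same sentence is repeated in the library/x509.c hunk. "hardware_module_name" also looks like a C field name rather than the RFC 4108 term, so I would write `Supported GeneralName types (RFC 5280): "dnsName", "uniformResourceIdentifier", and "otherName" only when it carries a HardwareModuleName (RFC 4108).` Neither comment says what a caller gets for the remaining GeneralName types, and the hunks do not show it. A sentence such as `Other types are not parsed; callers must not assume every SAN entry has been examined.` plus the actual return code would help anyone building identity checks on this function. Both comment blocks begin outside their hunks.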