Mbed forum

X509v3 extensions


(Christoph Rüdiger) #1

Hi folks,

I’m missing access to the v3 extensions in a x509 certificate for my current project. Has anyone here already implemented this in a separate branch/repository? Or has anyone sketched a plan how parsing of the v3 extensions might look like, which might help me to implement it?

Thanks,
Christoph


(Ron Eldor) #2

Hi Christoph,
Mbed TLS supports parsing of several X509 v.3 extension.
You can look at the code of x509_get_crt_ext called by x509_crt_parse_der_core() which is called by the public API mbedtls_x509_crt_parse_der() (and mbedtls_x509_crt_parse_pem())
Regards,
Mbed TLS Team member
Ron


(Christoph Rüdiger) #3

Hi Ron,
thanks for pointing me to x509_get_crt_ext. I was looking for a more general way to support arbitrary extensions, but what is really just missing is an interface to the user. What x509_get_crt_ext does right now is bailing out if it sees an unknown extension. I’ll add a callback there to let the user handle any unknown extension.
Regards,
Christoph