X509v3 extensions

Hi folks,

I’m missing access to the v3 extensions in an x509 certificate for my current project. Has anyone here already implemented this in a separate branch/repository? Or has anyone sketched a plan for what parsing of the v3 extensions might look like, which might help me to implement it?

Thanks,
Christoph

Hi Christoph,
Mbed TLS supports parsing of several X509 v.3 extensions.
You can look at the code of x509_get_crt_ext, called by x509_crt_parse_der_core(), which is called by the public API mbedtls_x509_crt_parse_der() (and mbedtls_x509_crt_parse_pem()).
Regards,
Mbed TLS Team member
Ron

Hi Ron,
thanks for pointing me to x509_get_crt_ext. I was looking for a more general way to support arbitrary extensions, but what is really just missing is an interface to the user. What x509_get_crt_ext does right now is bail out if it sees an unknown extension. I’ll add a callback there to let the user handle any unknown extension.
Regards,
Christoph
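
Added example, not part of the thread and not Mbed TLS code: a standalone sketch of the callback approach discussed above, walking a DER `Extensions` sequence and handing each extension's OID, critical flag and value to a user callback. The names `ext_cb_t`, `walk_extensions` and `only_oid` are hypothetical and the sample bytes are constructed; an extension the callback does not understand is skipped unless it is marked critical, in which case parsing fails, as RFC 5280 requires.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical callback type: return 0 if the extension was understood. */
typedef int (*ext_cb_t)(void *ctx, const unsigned char *oid, size_t oid_len,
                        int critical, const unsigned char *val, size_t val_len);

/* Read a DER header with the expected tag; leaves *p at the content. */
static int der_hdr(const unsigned char **p, const unsigned char *end, unsigned char tag, size_t *len) {
    if (end - *p < 2 || **p != tag) return -1;
    size_t n = (*p)[1]; *p += 2;
    if (n & 0x80) {                        /* long form, 1 or 2 length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - *p) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *(*p)++;
    }
    if (n > (size_t)(end - *p)) return -1; /* content must fit the buffer */
    *len = n; return 0;
}

/* Walk Extensions ::= SEQUENCE OF Extension: 0 ok, -1 bad DER, -2 unhandled critical. */
int walk_extensions(const unsigned char *buf, size_t buflen, ext_cb_t cb, void *ctx) {
    const unsigned char *p = buf, *end = buf + buflen, *ext_end, *oid;
    size_t len, oid_len, val_len;
    if (der_hdr(&p, end, 0x30, &len) != 0 || p + len != end) return -1;
    while (p < end) {
        int critical = 0;
        if (der_hdr(&p, end, 0x30, &len) != 0) return -1;
        ext_end = p + len;
        if (der_hdr(&p, ext_end, 0x06, &oid_len) != 0) return -1;
        oid = p; p += oid_len;
        if (p < ext_end && *p == 0x01) {   /* optional BOOLEAN, DEFAULT FALSE */
            if (der_hdr(&p, ext_end, 0x01, &len) != 0 || len != 1) return -1;
            critical = (*p++ != 0);
        }
        if (der_hdr(&p, ext_end, 0x04, &val_len) != 0 || p + val_len != ext_end) return -1;
        if (cb(ctx, oid, oid_len, critical, p, val_len) != 0 && critical) return -2;
        p = ext_end;
    }
    return 0;
}
/* Constructed sample: 1.2.3.4 (non-critical) then 1.2.3.5 (critical), plus both OIDs. */
const unsigned char SAMPLE[] = { 0x30,0x19, 0x30,0x09, 0x06,0x03,0x2A,0x03,0x04, 0x04,0x02,0x05,0x00,
    0x30,0x0C, 0x06,0x03,0x2A,0x03,0x05, 0x01,0x01,0xFF, 0x04,0x02,0x05,0x00 };
unsigned char OID_A[] = { 0x2A,0x03,0x04 }, OID_B[] = { 0x2A,0x03,0x05 };
/* Hypothetical application callback: understands only the 3-byte OID in ctx. */
int only_oid(void *ctx, const unsigned char *oid, size_t oid_len,
             int critical, const unsigned char *val, size_t val_len) {
    (void)critical; (void)val; (void)val_len;
    return (oid_len == 3 && memcmp(oid, ctx, 3) == 0) ? 0 : -1;
}
```

With `OID_A` as context the walk returns -2 because the critical 1.2.3.5 extension goes unhandled; with `OID_B` it returns 0 because the only unknown extension is non-critical.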