commit 0488ce653a1cf791be9d4061832e33694e6d1f63
author Simon Butcher <simonb@redtangent.net> Sun Sep 30 15:36:50 2018 +0100
committer Simon Butcher <simonb@redtangent.net> Sat Oct 06 17:17:54 2018 +0100
tree fa97c7799336e562ec6adbf3e0f2b6a9faec916d
parent 0592ea772aee48ca1e6d9eb84eca8e143033d973

Add support for alternative CSR headers

Add support for RFC7468, and the alternative Microsoft footer/headers for CSR's
that contain the text 'BEGIN NEW CERTIFICATE REQUEST' instead of
'BEGIN CERTIFICATE REQUEST'.

library/x509_csr.c

diff --git a/library/x509_csr.c b/library/x509_csr.c
index f844257..032b15c6 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -279,15 +279,23 @@
     {
         mbedtls_pem_init( &pem );
         ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN CERTIFICATE REQUEST-----",
-                               "-----END CERTIFICATE REQUEST-----",
-                               buf, NULL, 0, &use_len );
-
+                                       "-----BEGIN CERTIFICATE REQUEST-----",
+                                       "-----END CERTIFICATE REQUEST-----",
+                                       buf, NULL, 0, &use_len );
+        if( ret != 0 )
+        {
+            ret = mbedtls_pem_read_buffer( &pem,
+                                           "-----BEGIN NEW CERTIFICATE REQUEST-----",
+                                           "-----END NEW CERTIFICATE REQUEST-----",
+                                           buf, NULL, 0, &use_len );
+        }
         if( ret == 0 )
+        {
             /*
              * Was PEM encoded, parse the result
              */
             ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+        }
 
         mbedtls_pem_free( &pem );
         if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )