commit 81b0b89a34eed11d7e5c3136d1f620d24e41e6f8
author Andrzej Kurek <andrzej.kurek@arm.com> Thu Feb 16 06:55:10 2023 -0500
committer Andrzej Kurek <andrzej.kurek@arm.com> Thu Feb 16 06:55:10 2023 -0500
tree f984041c9dddc2088f604ada09f7defc79b722c0
parent 570a0f808bc2e099b927f8981bea64ba130fbd3f

Clarify comments on subjectAltName types

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

include/mbedtls/x509.h

diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 40b75a2..9f92ed6 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -385,8 +385,9 @@
  * \param san      The target structure to populate with the parsed presentation
  *                 of the subject alternative name encoded in \p san_raw.
  *
- * \note           Only "dnsName", "uniformResourceIdentifier" and "otherName",
- *                 as defined in RFC 5280, is supported.
+ * \note           Supported GeneralName types, as defined in RFC 5280:
+ *                 "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ *                 of type "otherName", as defined in RFC 4108.
  *
  * \note           This function should be called on a single raw data of
  *                 subject alternative name. For example, after successful

library/x509.c

diff --git a/library/x509.c b/library/x509.c
index 9f0dc62..b859df9 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1227,8 +1227,9 @@
  *      nameAssigner            [0]     DirectoryString OPTIONAL,
  *      partyName               [1]     DirectoryString }
  *
- * NOTE: we list all types, but only use "dnsName", "otherName" and
- * "uniformResourceIdentifier", as defined in RFC 5280, at this point.
+ * We list all types, but use the following GeneralName types from RFC 5280:
+ * "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * of type "otherName", as defined in RFC 4108.
  */
 int mbedtls_x509_get_subject_alt_name(unsigned char **p,
                                       const unsigned char *end,