Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index f3ac570..dc4f86d 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -87,7 +87,9 @@
/**
* \brief Load a Certificate Signing Request (CSR) in DER format
*
- * \note CSR attributes (if any) are currently silently ignored.
+ * \note Any unsupported requested extensions are silently
+ * ignored, unless the critical flag is set, in which case
+ * the CSR is rejected.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
@@ -140,7 +142,10 @@
/**
* \brief Load a Certificate Signing Request (CSR) in DER format
*
- * \note CSR attributes (if any) are currently silently ignored.
+ * \note Any unsupported requested extensions are silently
+ * ignored, unless the critical flag is set, in which case
+ * the result of the callback function decides whether
+ * CSR is rejected.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling