Merge pull request #7400 from AndrzejKurek/cert-write-sans

Add a possibility to generate certificates with a Subject Alternative Name

include/mbedtls/x509.h

@@ -312,6 +312,12 @@ typedef struct mbedtls_x509_subject_alternative_name {
 }
 mbedtls_x509_subject_alternative_name;
 
+typedef struct mbedtls_x509_san_list {
+    mbedtls_x509_subject_alternative_name node;
+    struct mbedtls_x509_san_list *next;
+}
+mbedtls_x509_san_list;
+
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
 
 /**

include/mbedtls/x509_crt.h

@@ -241,6 +241,21 @@ typedef struct mbedtls_x509write_cert {
 }
 mbedtls_x509write_cert;
 
+/**
+ * \brief           Set Subject Alternative Name
+ *
+ * \param ctx       Certificate context to use
+ * \param san_list  List of SAN values
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note            "dnsName", "uniformResourceIdentifier", "IP address",
+ *                  "otherName", and "DirectoryName", as defined in RFC 5280,
+ *                  are supported.
+ */
+int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
+                                                       const mbedtls_x509_san_list *san_list);
+
 /**
  * Item in a verification chain: cert and flags for it
  */

include/mbedtls/x509_csr.h

@@ -83,12 +83,6 @@ typedef struct mbedtls_x509write_csr {
 }
 mbedtls_x509write_csr;
 
-typedef struct mbedtls_x509_san_list {
-    mbedtls_x509_subject_alternative_name node;
-    struct mbedtls_x509_san_list *next;
-}
-mbedtls_x509_san_list;
-
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
 /**
  * \brief          Load a Certificate Signing Request (CSR) in DER format