Add documentation and a changelog entry

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-02-06 03:40:04 +00:00 · 2023-04-04 07:09:04 -04:00 · 2023-04-04 07:09:04 -04:00 · 1bc7df2540
commit 1bc7df2540
parent 76c9662e8e
5 changed files with 19 additions and 3 deletions
--- a/ChangeLog.d/add-subjectAltName-certs.txt
+++ b/ChangeLog.d/add-subjectAltName-certs.txt
@ -0,0 +1,6 @@
+Features
+   * It is now possible to generate certificates with SubjectAltNames.
+     Currently supported subtypes: DnsName, UniformResourceIdentifier,
+     IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+     See mbedtls_x509write_crt_set_subject_alternative_name for
+     more information.
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@ -473,7 +473,6 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid,
                               size_t val_len);
 int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
                                  mbedtls_asn1_named_data *first);
-
 int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
                             mbedtls_asn1_named_data *first);
 int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@ -241,6 +241,18 @@ typedef struct mbedtls_x509write_cert {
 }
 mbedtls_x509write_cert;

+/**
+ * \brief           Set Subject Alternative Name
+ *
+ * \param ctx       Certificate context to use
+ * \param san_list  List of SAN values
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note            "dnsName", "uniformResourceIdentifier", "IP address",
+ *                  "otherName", and "DirectoryName", as defined in RFC 5280,
+ *                  are supported.
+ */
 int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
                                                       const mbedtls_x509_san_list *san_list);

--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@ -153,7 +153,6 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
    return 0;
 }

-
 int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
                                                       const mbedtls_x509_san_list *san_list)
 {
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@ -925,7 +925,7 @@ usage:

        if (ret != 0) {
            mbedtls_printf(
-                " failed\n  !  mbedtls_x509write_csr_set_subject_alternative_name returned %d",
+                " failed\n  !  mbedtls_x509write_crt_set_subject_alternative_name returned %d",
                ret);
            goto exit;
        }