From dc22090671acdc815597831b5e69eea97fe49e1c Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Tue, 25 Apr 2023 02:29:00 -0400
Subject: [PATCH] Return an error on an unsupported SubjectAltName

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
---
 library/x509write_crt.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 63f490d6df..aa4b9074c0 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -190,8 +190,8 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c
                 break;
             }
             default:
-                /* Not supported - skip. */
-                break;
+                /* Not supported - return. */
+                return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
         }
     }
 
@@ -249,8 +249,9 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c
                                                                     MBEDTLS_X509_SAN_DIRECTORY_NAME));
                 break;
             default:
-                /* Skip unsupported names. */
-                break;
+                /* Error out on an unsupported SAN */
+                ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+                goto cleanup;
         }
         cur = cur->next;
         len += single_san_len;