Improve documentation of mbedtls_x509_get_ext()

- Explain the use of explicit ASN.1 tagging for the extensions structuree
- Remove misleading comment which suggests that mbedtls_x509_get_ext()
  also parsed the header of the first extension, which is not the case.
This commit is contained in:
Hanno Becker 2019-02-11 14:33:36 +00:00
parent 53526c70ff
commit c24e019513

View File

@ -709,6 +709,9 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
int ret;
size_t len;
/* Extension structure use EXPLICIT tagging. That is, the actual
* `Extensions` structure is wrapped by a tag-length pair using
* the respective context-specific tag. */
ret = mbedtls_asn1_get_tag( p, end, &ext->len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
if( ret != 0 )
@ -720,11 +723,6 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING }
*/
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )