Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Add ability to set challenge password in mbedtls_x509write_csr #4886

Open yachoor opened 3 years ago

yachoor commented 3 years ago

Suggested enhancement

There's no way to set additional attributes in CSR, only extensions. I need to generate CSR with challenge password (PKCS#9 OID 1.2.840.113549.1.9.7). Right now I have custom serialization to DER to add that attribute, but all fields of mbedtls_x509write_csr are private in 3.0.

Justification

I need it for certificate enrollment/renewal using SCEP
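
The attribute requested above, as an added example (not the poster's serialization and not Mbed TLS code): a stand-alone C encoder for the PKCS#9 challengePassword attribute in DER. The function name `encode_challenge_password`, the 255-byte limit (taken from the RFC 2985 upper bound) and the PrintableString-first choice are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER of OID 1.2.840.113549.1.9.7 (PKCS#9 challengePassword), tag and length included. */
static const uint8_t OID_CHALLENGE_PW[] = {
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07
};
/* ASN.1 PrintableString alphabet. */
static const char PRINTABLE[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";

/* Write a DER tag and definite length (len <= 0xFFFF); returns 2 to 4 bytes written. */
static size_t der_header(uint8_t *out, uint8_t tag, size_t len)
{
    size_t n = 0;
    out[n++] = tag;
    if (len >= 0x100) { out[n++] = 0x82; out[n++] = (uint8_t)(len >> 8); }
    else if (len >= 0x80) { out[n++] = 0x81; }
    out[n++] = (uint8_t)(len & 0xFF);
    return n;
}

/* Encode Attribute ::= SEQUENCE { type OID, values SET OF DirectoryString } into out.
 * Returns the encoded length, or 0 if pw is empty, longer than 255 bytes, or out is too small. */
size_t encode_challenge_password(const char *pw, uint8_t *out, size_t out_size)
{
    uint8_t str_hdr[4], set_hdr[4], seq_hdr[4];
    size_t pw_len = strlen(pw);
    if (pw_len == 0 || pw_len > 255)
        return 0;
    /* PrintableString (0x13) when the alphabet allows it, otherwise UTF8String (0x0C);
     * the caller is assumed to pass valid UTF-8 in that case. */
    uint8_t tag = (strspn(pw, PRINTABLE) == pw_len) ? 0x13 : 0x0C;
    size_t str_h = der_header(str_hdr, tag, pw_len);
    size_t set_h = der_header(set_hdr, 0x31, str_h + pw_len);
    size_t body = sizeof(OID_CHALLENGE_PW) + set_h + str_h + pw_len;
    size_t seq_h = der_header(seq_hdr, 0x30, body);
    if (seq_h + body > out_size)
        return 0;
    uint8_t *p = out;
    memcpy(p, seq_hdr, seq_h);                              p += seq_h;
    memcpy(p, OID_CHALLENGE_PW, sizeof(OID_CHALLENGE_PW));  p += sizeof(OID_CHALLENGE_PW);
    memcpy(p, set_hdr, set_h);                              p += set_h;
    memcpy(p, str_hdr, str_h);                              p += str_h;
    memcpy(p, pw, pw_len);                                  p += pw_len;
    return (size_t)(p - out);
}
```

The resulting bytes are one element of the `attributes [0]` SET in CertificationRequestInfo, so they have to be in place before the request is signed.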

paul-elliott-arm commented 3 years ago

Hi!

Seeing as you already have code to do this, if you were to submit your custom serialization as a PR to the library, then this field would not have to be public, and this is likely the fastest way this would get resolved, so I would definitely encourage you to do that.