authorNikos Mavrogiannopoulos <nmav@gnutls.org>2016-06-14 11:19:50 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-06-14 13:06:12 +0200
commit5270ee1ac73c64431eb0858b844150cf1b2c1fb3 (patch)
treeff72788fbc59058c582ed9f9149e0d068f02b473
parent3d96c8bb76012611fe97e27a50933308cee69420 (diff)
Added gnutls_x509_crt_set_crq_extension_by_oid()
This allows copying specific extensions, selected by OID, from a certificate request to the certificate.
-rw-r--r--lib/includes/gnutls/x509.h5
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/x509/x509_write.c40
3 files changed, 39 insertions, 7 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 5217942abd..d9f56163ff 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -1254,6 +1254,11 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
gnutls_x509_crq_t crq);
+int
+gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq, const char *oid,
+ unsigned flags);
+
int gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t
crq,
time_t activation,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 1416504936..c396169101 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1097,6 +1097,7 @@ GNUTLS_3_4
gnutls_x509_crq_get_tlsfeatures;
gnutls_x509_crq_set_tlsfeatures;
gnutls_ext_get_name;
+ gnutls_x509_crt_set_crq_extension_by_oid;
local:
*;
};
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 15815700f3..e9c6259094 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -303,7 +303,7 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
* @crt: a certificate of type #gnutls_x509_crt_t
* @crq: holds a certificate request
*
- * This function will set extensions from the given request to the
+ * This function will set the extensions from the given request to the
* certificate.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
@@ -315,6 +315,29 @@ int
gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
gnutls_x509_crq_t crq)
{
+ return gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, NULL, 0);
+}
+
+/**
+ * gnutls_x509_crt_set_crq_extension_by_oid:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @crq: holds a certificate request
+ * @oid: the object identifier of the OID to copy
+ * @flags: should be zero
+ *
+ * This function will set the extension specify by @oid from the given request to the
+ * certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.5.1
+ **/
+int
+gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq, const char *oid,
+ unsigned flags)
+{
size_t i;
if (crt == NULL || crq == NULL) {
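Review bot: The doc comment for gnutls_x509_crt_set_crq_extension_by_oid omits two things a caller issuing certificates needs to know. A NULL `@oid` copies every extension, which is what the new `gnutls_x509_crt_set_crq_extensions` wrapper relies on, and the later hunks show the criticality flag (and, it appears, the value) being taken as-is from the request, so the caller has to decide which OIDs it accepts from a requester. I would reword the parameter line to `@oid: the object identifier of the extension to copy, or %NULL to copy all extensions` and fix "specify by" to "specified by" in the description. `@flags` is documented as "should be zero" but no visible line checks it; the body continues outside this hunk, and if it is not checked there either, a guard such as `if (flags != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would keep the parameter safe to give a meaning later.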
@@ -326,16 +349,16 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
for (i = 0;; i++) {
int result;
- char oid[MAX_OID_SIZE];
- size_t oid_size;
+ char local_oid[MAX_OID_SIZE];
+ size_t local_oid_size;
uint8_t *extensions;
size_t extensions_size;
unsigned int critical;
gnutls_datum_t ext;
- oid_size = sizeof(oid);
- result = gnutls_x509_crq_get_extension_info(crq, i, oid,
- &oid_size,
+ local_oid_size = sizeof(local_oid);
+ result = gnutls_x509_crq_get_extension_info(crq, i, local_oid,
+ &local_oid_size,
&critical);
if (result < 0) {
if (result ==
@@ -346,6 +369,9 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
return result;
}
+ if (oid && strcmp(local_oid, oid) != 0)
+ continue;
+
extensions_size = 0;
result = gnutls_x509_crq_get_extension_data(crq, i, NULL,
&extensions_size);
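Review bot: When `oid` is non-NULL and no extension in the request matches, the new `continue` skips every entry and the caller appears to get success although nothing was copied. The loop presumably ends on the end-of-list error from `gnutls_x509_crq_get_extension_info`, but that comparison and the final return are cut off at the hunk boundaries, so this needs confirming against the full function. If it holds, I would count matches (`unsigned copied = 0;` before the loop, `copied++;` after a successful `_gnutls_x509_crt_set_extension`) and return `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` when `oid != NULL && copied == 0`, or at least state the behaviour in the doc comment. Code that relies on a particular extension being carried into the issued certificate should not have to re-read the certificate to find out whether it was.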
@@ -373,7 +399,7 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
ext.size = extensions_size;
result =
- _gnutls_x509_crt_set_extension(crt, oid, &ext,
+ _gnutls_x509_crt_set_extension(crt, local_oid, &ext,
critical);
gnutls_free(extensions);
if (result < 0) {