Hi,

I have an ACME client library for esp32, and I try to extend it to support multiple host names. First step is to include alternate names in the CSR.

After I tried the ARMmbed issues forum, I was pointed to this list.

My code is in http://svn.code.sf.net/p/esp32-acme-client/code/trunk/libraries/acmeclient/Acme.cpp (see function Acme::CreateAltUrlList) , the function below is an attempt to do what I described, but doesn't work.

Can anyone help ?

    Danny

int Acme::CreateAltUrlList(mbedtls_x509write_csr req) {
int l = 20;
int ret;

for (int i=0; alt_urls[i]; i++) {
l += strlen(alt_urls[i]) + 20;
}
unsigned char *buf = (unsigned char *)malloc(l), *p = buf + l;

int len = 0;
for (int i=0; alt_urls[i]; i++) {
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&p, buf, (const unsigned char *)alt_urls[i], strlen(alt_urls[i])));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, strlen(alt_urls[i])));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2));
}

MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));

if ((ret = mbedtls_x509write_csr_set_extension(&req,
MBEDTLS_OID_SUBJECT_ALT_NAME, MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),
(const unsigned char *)p, len)) != 0) {
char errbuf[80];
mbedtls_strerror(ret, errbuf, sizeof(errbuf));
ESP_LOGE(acme_tag, "%s: mbedtls_x509write_csr_set_extension failed %s (0x%04x)", __FUNCTION__, errbuf, -ret);
}

free(buf);
ESP_LOGD(acme_tag, "%s: ret %d", __FUNCTION__, ret);
return ret;
}