I am using the mbedtls_x509write_csr_set_subject_name API from mbedtls to set the subject name.
I wanted to set an arbitrary OID value in my certificate, e.g.
ffeBgt9jDHhBwPDANgtT7R/1.3.6.1.4.1.37244.2.1=FFF2/1.3.6.1.4.1.37244.2.2=8001

In this case ffeBgt9jDHhBwPDANgtT7R is the CN.

And 1.3.6.1.4.1.37244.2.1 is an arbitrary OID which has a value of FFF2, similar to the second arbitrary OID.

I am able to do this through openssl commands, but when I do it through mbedtls and pass it as a string, mbedtls considers the whole string as the CN, which is not my intention.


Please find the ASN.1 parsing of the CSR below:


CSR generated through mbedtls:
  18:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   23:d=5  hl=2 l=  76 prim: UTF8STRING        :ffeBgt9jDHhBwPDANgtT7R/1.3.7.1.4.1.37466.2.1=FFF2+1.3.7.1.4.1.37466.2.2=8001
  101:d=3  hl=2 l=  11 cons: SET
  103:d=4  hl=2 l=   9 cons: SEQUENCE

Target CSR (done through openssl):
   14:d=4  hl=2 l=  29 cons: SEQUENCE
   16:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   21:d=5  hl=2 l=  22 prim: UTF8STRING        :ffeBgt9jDHhBwPDANgtT7R
   45:d=3  hl=2 l=  20 cons: SET
   47:d=4  hl=2 l=  18 cons: SEQUENCE
   49:d=5  hl=2 l=  10 prim: OBJECT            :1.3.7.1.4.1.37466.2.1
   61:d=5  hl=2 l=   4 prim: UTF8STRING        :FFF2
   67:d=3  hl=2 l=  20 cons: SET
   69:d=4  hl=2 l=  18 cons: SEQUENCE
   71:d=5  hl=2 l=  10 prim: OBJECT            :1.3.7.1.4.1.37466.2.2
   83:d=5  hl=2 l=   4 prim: UTF8STRING        :8001
   89:d=2  hl=2 l=  89 cons: SEQUENCE
   91:d=3  hl=2 l=  19 cons: SEQUENCE
   93:d=4  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
  102:d=4  hl=2 l=   8 prim: OBJECT            :prime256v1



Am I missing something here? Do I need to provide the CN in a different way to get the intended result?
I found an open issue, https://github.com/Mbed-TLS/mbedtls/issues/4886. Could it be related to this?

Any help would be appreciated.

Thanks and Regards,
Aditya