I wanted to set the arbitrary old value in my certificate for e.g.

ffeBgt9jDHhBwPDANgtT7R/1.3.6.1.4.1.37244.2.1=FFF2/1.3.6.1.4.1.37244.2.2=8001

In this case ffeBgt9jDHhBwPDANgtT7R is the CN

And 1.3.6.1.4.1.37244.2.1 is an arbitrary OID which has a value of FFF2 similar to the second arbitrary OID.

I am able to do this through openssl commands, but while doing it through mbedtls, when I pass it as a string then mbedtls considers the whole string as CN which Is not my intention.

Please fine the asn1 parsing of the CSR as below

CSR generated through mbedtls:

18:d=5 hl=2 l= 3 prim: OBJECT :commonName

23:d=5 hl=2 l= 76 prim: UTF8STRING :ffeBgt9jDHhBwPDANgtT7R/1.3.7.1.4.1.37466.2.1=FFF2+1.3.7.1.4.1.37466.2.2=8001

101:d=3 hl=2 l= 11 cons: SET

103:d=4 hl=2 l= 9 cons: SEQUENCE

Target CSR ( done thorough openssl):

14:d=4 hl=2 l= 29 cons: SEQUENCE

16:d=5 hl=2 l= 3 prim: OBJECT :commonName

21:d=5 hl=2 l= 22 prim: UTF8STRING :ffeBgt9jDHhBwPDANgtT7R

45:d=3 hl=2 l= 20 cons: SET

47:d=4 hl=2 l= 18 cons: SEQUENCE

49:d=5 hl=2 l= 10 prim: OBJECT :1.3.7.1.4.1.37466.2.1

61:d=5 hl=2 l= 4 prim: UTF8STRING :FFF2

67:d=3 hl=2 l= 20 cons: SET

69:d=4 hl=2 l= 18 cons: SEQUENCE

71:d=5 hl=2 l= 10 prim: OBJECT :1.3.7.1.4.1.37466.2.2

83:d=5 hl=2 l= 4 prim: UTF8STRING :8001

89:d=2 hl=2 l= 89 cons: SEQUENCE

91:d=3 hl=2 l= 19 cons: SEQUENCE

93:d=4 hl=2 l= 7 prim: OBJECT :id-ecPublicKey

102:d=4 hl=2 l= 8 prim: OBJECT :prime256v1

Am I missing something here? Do I need to provide the CN in a different way to get the intended result?

I found an open issue https://github.com/Mbed-TLS/mbedtls/issues/4886, could it be related to this?

Any help would be appreciated.