From 0488ce653a1cf791be9d4061832e33694e6d1f63 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simonb@redtangent.net>
Date: Sun, 30 Sep 2018 15:36:50 +0100
Subject: [PATCH] Add support for alternative CSR headers

Add support for RFC7468, and the alternative Microsoft footer/headers for CSR's
that contain the text 'BEGIN NEW CERTIFICATE REQUEST' instead of
'BEGIN CERTIFICATE REQUEST'.
---
 library/x509_csr.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/library/x509_csr.c b/library/x509_csr.c
index f84425728..032b15c65 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -279,15 +279,23 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
     {
         mbedtls_pem_init( &pem );
         ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN CERTIFICATE REQUEST-----",
-                               "-----END CERTIFICATE REQUEST-----",
-                               buf, NULL, 0, &use_len );
-
+                                       "-----BEGIN CERTIFICATE REQUEST-----",
+                                       "-----END CERTIFICATE REQUEST-----",
+                                       buf, NULL, 0, &use_len );
+        if( ret != 0 )
+        {
+            ret = mbedtls_pem_read_buffer( &pem,
+                                           "-----BEGIN NEW CERTIFICATE REQUEST-----",
+                                           "-----END NEW CERTIFICATE REQUEST-----",
+                                           buf, NULL, 0, &use_len );
+        }
         if( ret == 0 )
+        {
             /*
              * Was PEM encoded, parse the result
              */
             ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+        }
 
         mbedtls_pem_free( &pem );
         if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )