wolfSSL · dgarske · Aug 12, 2018 · Jul 25, 2018 · Jul 31, 2018 · Aug 1, 2018
diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h
@@ -335,6 +335,73 @@ WOLFSSL_API int  wc_SetIssuer(Cert*, const char*);
 */
 WOLFSSL_API int  wc_SetSubject(Cert*, const char*);
 
+
+/*!
+    \ingroup ASN
+
+    \brief This function sets the raw subject for a certificate from the
+    subject in the provided der buffer. This method is used to set the raw
+    subject field prior to signing.
+
+    \return 0 Returned on successfully setting the subject for the certificate
+    \return MEMORY_E Returned if there is an error allocating memory
+    with XMALLOC
+    \return ASN_PARSE_E Returned if there is an error parsing the cert
+    header file
+    \return ASN_OBJECT_ID_E Returned if there is an error parsing the
+    encryption type from the cert
+    \return ASN_EXPECT_0_E Returned if there is a formatting error in the
+    encryption specification of the cert file
+    \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
+    start date
+    \return ASN_AFTER_DATE_E Returned if the date is after the certificate
+    expiration date
+    \return ASN_BITSTR_E Returned if there is an error parsing a bit string
+    from the certificate
+    \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
+    from the certificate
+    \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
+    from the certificate
+    \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
+    key object id
+    \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
+    defined and the certificate is a V1 or V2 certificate
+    \return BAD_FUNC_ARG Returned if there is an error processing the
+    certificate extension
+    \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
+    encountered in processing the certificate
+    \return ASN_SIG_OID_E Returned if the signature encryption type is not
+    the same as the encryption type of the certificate in the provided file
+    \return ASN_SIG_CONFIRM_E Returned if confirming the certification
+    signature fails
+    \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
+    permitted by the CA name constraints
+    \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
+    certificate’s authenticity
+
+    \param cert pointer to the cert for which to set the raw subject
+    \param der pointer to the buffer containing the der formatted certificate
+    from which to grab the subject
+    \param derSz size of the buffer containing the der formatted certificate
+    from which to grab the subject
+
+    _Example_
+    \code
+    Cert myCert;
+    // initialize myCert
+    byte* der;
+    der = (byte*)malloc(FOURK_BUF);
+    // initialize der
+    if(wc_SetSubjectRaw(&myCert, der, FOURK_BUF) != 0) {
+        // error setting subject
+    }
+    \endcode
+
+    \sa wc_InitCert
+    \sa wc_SetSubject
+*/
+WOLFSSL_API int  wc_SetSubjectRaw(Cert*, const byte* der, int derSz);
+
 /*!
     \ingroup ASN
 

diff --git a/src/ssl.c b/src/ssl.c
@@ -15683,6 +15683,12 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
             text = name->fullName.fullName + name->fullName.dcIdx[0];
             textSz = name->fullName.dcLen[0];
             break;
+    #ifdef WOLFSSL_CERT_EXT
+        case ASN_BUS_CAT:
+            text = name->fullName.fullName + name->fullName.bcIdx;
+            textSz = name->fullName.bcLen;
+            break;
+    #endif
         default:
             WOLFSSL_MSG("Entry type not found");
             return SSL_FATAL_ERROR;
@@ -28780,6 +28786,14 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
         cName->unitEnc = CTC_UTF8;
         cName->commonName[0] = '\0';
         cName->commonNameEnc = CTC_UTF8;
+    #ifdef WOLFSSL_CERT_EXT
+        cName->busCat[0] = '\0';
+        cName->busCatEnc = CTC_UTF8;
+        cName->joiC[0] = '\0';
+        cName->joiCEnc = CTC_PRINTABLE;
+        cName->joiSt[0] = '\0';
+        cName->joiStEnc = CTC_PRINTABLE;
+    #endif
         cName->email[0] = '\0';
 
 
@@ -28834,6 +28848,32 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
             return BUFFER_E;
         }
 
+    #ifdef WOLFSSL_CERT_EXT
+        /* ASN_BUS_CAT */
+        WOLFSSL_MSG("Copy Business Category");
+        if (CopyX509NameEntry(cName->busCat, CTC_NAME_SIZE,
+                    dn->fullName + dn->bcIdx, dn->bcLen)
+                    != SSL_SUCCESS) {
+            return BUFFER_E;
+        }
+
+        /* JoI Country */
+        WOLFSSL_MSG("Copy Jurisdiction of Incorporation Country");
+        if (CopyX509NameEntry(cName->joiC, CTC_NAME_SIZE,
+                    dn->fullName + dn->jcIdx, dn->jcLen)
+                    != SSL_SUCCESS) {
+            return BUFFER_E;
+        }
+
+        /* JoI State */
+        WOLFSSL_MSG("Copy Jurisdiction of Incorporation State");
+        if (CopyX509NameEntry(cName->joiSt, CTC_NAME_SIZE,
+                    dn->fullName + dn->jsIdx, dn->jsLen)
+                    != SSL_SUCCESS) {
+            return BUFFER_E;
+        }
+    #endif
+
         WOLFSSL_MSG("Copy Email");
         if (CopyX509NameEntry(cName->email, CTC_NAME_SIZE,
                     dn->fullName + dn->emailIdx, dn->emailLen)