From 1977a1375453444965b0bfcbb5f45087e4f2340a Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 24 Jun 2022 12:04:26 -0600
Subject: [PATCH] improve comment for FPKI additions

---
 wolfcrypt/src/asn.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 4c6abe818..f95d5ea0c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -14594,6 +14594,12 @@ static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
  * X.509: RFC 5280, 4.2.1.6 - OtherName (without implicit outer SEQUENCE).
  * HW Name: RFC 4108, 5 - Hardware Module Name
  * Only support HW Name where the type is a HW serial number.
+ *
+ * Other Names handled for FPKI (Federal PKI) use:
+ * UPN (Universal Principal Name), a non-standard Other Name
+ *  (RFC3280 sec 4.2.1.7). Often used with FIPS 201 smartcard login.
+ * FASC-N (Federal Agency Smart Credential Number), defined in the document
+ *  fpki-x509-cert-policy-common.pdf. Used for a smart card ID.
  */
 static const ASNItem otherNameASN[] = {
 /* TYPEID   */ { 0, ASN_OBJECT_ID, 0, 0, 0 },