From 2ddd98927f29459ab76935faedec048a41b100b7 Mon Sep 17 00:00:00 2001
From: Albert Ribes
Date: Thu, 3 Jul 2025 17:28:57 +0200
Subject: [PATCH 1/2] When creating a Cert from a WOLFSSL_X509, account for custom extensions

Function 'CertFromX509' is used to convert a WOLFSSL_X509 to a Cert structure for writing out. It didn't copy custom extensions.
---
 src/x509.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/x509.c b/src/x509.c
index 278e743b7..c861fb617 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -10737,6 +10737,25 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
 cert->altSigValLen = x509->altSigValLen;
 cert->altSigValCrit = x509->altSigValCrit;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+#ifdef WOLFSSL_CUSTOM_OID
+
+ if ((x509->customExtCount < 0) ||
+ (x509->customExtCount >= NUM_CUSTOM_EXT)) {
+ WOLFSSL_MSG("Bad value for customExtCount.");
+ return WOLFSSL_FAILURE;
+ }
+
+ for (i = 0; i < x509->customExtCount; i++) {
+ if (wc_SetCustomExtension(cert, x509->custom_exts[i].crit,
+ x509->custom_exts[i].oid, x509->custom_exts[i].val,
+ x509->custom_exts[i].valSz))
+ {
+ return WOLFSSL_FAILURE;
+ }
+ }
+#endif /* WOLFSSL_CUSTOM_OID */
+
 #endif /* WOLFSSL_CERT_EXT */

 #ifdef WOLFSSL_CERT_REQ

From 5615993f48e0fa490a4f1b4dd5ba57fdaf5be8c6 Mon Sep 17 00:00:00 2001
From: Albert Ribes
Date: Thu, 3 Jul 2025 19:01:50 +0200
Subject: [PATCH 2/2] Add missing option checks

---
 src/x509.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/x509.c b/src/x509.c
index c861fb617..0139ad0a9 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -10738,7 +10738,8 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
 cert->altSigValCrit = x509->altSigValCrit;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */

-#ifdef WOLFSSL_CUSTOM_OID
+#if defined(WOLFSSL_ASN_TEMPLATE) && defined(WOLFSSL_CUSTOM_OID) && \
+ defined(HAVE_OID_ENCODING)

 if ((x509->customExtCount < 0) ||
 (x509->customExtCount >= NUM_CUSTOM_EXT)) {
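Review bot: The range check added in patch 1/2 fails when `x509->customExtCount` equals NUM_CUSTOM_EXT, although the loop below it would only index elements 0 to NUM_CUSTOM_EXT-1 in that case. If `custom_exts` is declared with NUM_CUSTOM_EXT elements (the declaration is not in this hunk), a completely filled array is valid and the upper bound could read `(x509->customExtCount > NUM_CUSTOM_EXT)) {`. The error code from wc_SetCustomExtension is also discarded, so a `WOLFSSL_MSG("wc_SetCustomExtension failed.");` before that return would make the two failure paths distinguishable in the log. If wc_SetCustomExtension keeps the `oid` and `val` pointers instead of copying them, the Cert borrows memory owned by the x509, which deserves a comment such as `/* cert references x509's extension buffers; x509 must outlive cert */`. CertFromX509 starts and ends outside the hunk.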
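Review bot: With the widened guard in patch 2/2, a build that defines WOLFSSL_CUSTOM_OID but lacks WOLFSSL_ASN_TEMPLATE or HAVE_OID_ENCODING compiles the copy loop out, and CertFromX509 then returns a Cert without the custom extensions and without any message. Whether an x509 can hold custom extensions in such a build is not visible here; if it can, dropping them silently matters most for extensions marked critical, and a `WOLFSSL_MSG` in an `#else` branch would surface it. Otherwise a one-line comment above the `#if`, e.g. `/* custom extensions exist only with the template encoder and OID encoding */`, would record why all three macros are required.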
@@ -10754,7 +10755,7 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
 return WOLFSSL_FAILURE;
 }
 }
-#endif /* WOLFSSL_CUSTOM_OID */
+#endif /* WOLFSSL_ASN_TEMPLATE && WOLFSSL_CUSTOM_OID && HAVE_OID_ENCODING */

 #endif /* WOLFSSL_CERT_EXT */