From e1660af2e2c402b535bac5d7a8dbd44269347f80 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simonb@redtangent.net>
Date: Sun, 7 Oct 2018 17:48:37 +0100
Subject: [PATCH] Fix CSR parsing header call

Change the secondary X509 CSR parsing call for the alternative MS header to only
occur if the first call fails due to the header being unfound, instead of any
call.
---
 library/x509_csr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/x509_csr.c b/library/x509_csr.c
index 032b15c65..c8c08c87b 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -282,13 +282,14 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
                                        "-----BEGIN CERTIFICATE REQUEST-----",
                                        "-----END CERTIFICATE REQUEST-----",
                                        buf, NULL, 0, &use_len );
-        if( ret != 0 )
+        if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
         {
             ret = mbedtls_pem_read_buffer( &pem,
                                            "-----BEGIN NEW CERTIFICATE REQUEST-----",
                                            "-----END NEW CERTIFICATE REQUEST-----",
                                            buf, NULL, 0, &use_len );
         }
+
         if( ret == 0 )
         {
             /*