diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6e07ac6f2..0c71dae18 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -87,7 +87,8 @@ typedef struct mbedtls_x509_crt
 
     unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
 
-    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+    mbedtls_x509_sequence ext_key_usage;    /**< Optional list of extended key usage OIDs. */
+    mbedtls_x509_buf_raw ext_key_usage_raw; /**< Raw data of ExtendedKeyUsage extensions.  */
 
     unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1d5bedc78..afc707bb6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -697,6 +697,8 @@ static int x509_get_crt_ext( unsigned char **p,
 
         case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
             /* Parse extended key usage */
+            crt->ext_key_usage_raw.p = *p;
+            crt->ext_key_usage_raw.len = end_ext_octet - *p;
             if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
                     &crt->ext_key_usage ) ) != 0 )
                 return( ret );