Support for parsing of certificate extensions in PKCS#10 requests: these are

used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.