diff --git a/src/tls/asn1.c b/src/tls/asn1.c
index 06bbd6f93..13b7fe1a5 100644
--- a/src/tls/asn1.c
+++ b/src/tls/asn1.c
@@ -307,3 +307,21 @@ int asn1_get_integer(const u8 *buf, size_t len, int *integer, const u8 **next)
 	*integer = value;
 	return 0;
 }
+
+
+int asn1_get_sequence(const u8 *buf, size_t len, struct asn1_hdr *hdr,
+		      const u8 **next)
+{
+	if (asn1_get_next(buf, len, hdr) < 0 ||
+	    hdr->class != ASN1_CLASS_UNIVERSAL ||
+	    hdr->tag != ASN1_TAG_SEQUENCE) {
+		wpa_printf(MSG_DEBUG,
+			   "ASN.1: Expected SEQUENCE - found class %d tag 0x%x",
+			   hdr->class, hdr->tag);
+		return -1;
+	}
+
+	if (next)
+		*next = hdr->payload + hdr->length;
+	return 0;
+}
diff --git a/src/tls/asn1.h b/src/tls/asn1.h
index 45b981260..d769a4e9b 100644
--- a/src/tls/asn1.h
+++ b/src/tls/asn1.h
@@ -66,6 +66,8 @@ void asn1_oid_to_str(const struct asn1_oid *oid, char *buf, size_t len);
 unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
 int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
 int asn1_get_integer(const u8 *buf, size_t len, int *integer, const u8 **next);
+int asn1_get_sequence(const u8 *buf, size_t len, struct asn1_hdr *hdr,
+		      const u8 **next);
 
 extern struct asn1_oid asn1_sha1_oid;
 extern struct asn1_oid asn1_sha256_oid;