xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

x509: encode empty sequence as constructed

Browse source 
According to the ASN.1 BER spec, we should be encoding
all sequences (including empty ones) as constructed:

	8.9.1 The encoding of a sequence value shall be constructed.
	8.10.1 The encoding of a sequence-of value shall be constructed.
	8.11.1 The encoding of a set value shall be constructed.
	8.12.1 The encoding of a set-of value shall be constructed.

However, we were only setting them as constructed when the
list was non-empty.

This changes it, and makes letsencrypt happy with the CSRs that
we generate.
This commit is contained in:
Ori Bernstein 2021-08-09 15:33:16 +00:00
parent 3909b83a90
commit c6a9c55de7
1 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
sys/src/libsec/port/x509.c
View file

@ -1025,13 +1025,11 @@ val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
el = e.val.u.setval;
else
err = ASN_EINVAL;
if(el != nil) {
*pconstr = CONSTR_MASK;
for(; el != nil; el = el->tl) {
err = enc(&p, el->hd, lenonly);
if(err != ASN_OK)
break;
}
*pconstr = CONSTR_MASK;
for(; el != nil; el = el->tl) {
err = enc(&p, el->hd, lenonly);
if(err != ASN_OK)
break;
}
break;