x509: encode empty sequence as constructed
According to the ASN.1 BER spec, we should be encoding all sequences (including empty ones) as constructed: 8.9.1 The encoding of a sequence value shall be constructed. 8.10.1 The encoding of a sequence-of value shall be constructed. 8.11.1 The encoding of a set value shall be constructed. 8.12.1 The encoding of a set-of value shall be constructed. However, we were only setting them as constructed when the list was non-empty. This changes it, and makes letsencrypt happy with the CSRs that we generate.
This commit is contained in:
Ori Bernstein
parent
3909b83a90
commit
c6a9c55de7
1 changed files with 5 additions and 7 deletions
|
|
@ -1025,14 +1025,12 @@ val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
|
||||||
el = e.val.u.setval;
|
el = e.val.u.setval;
|
||||||
else
|
else
|
||||||
err = ASN_EINVAL;
|
err = ASN_EINVAL;
|
||||||
if(el != nil) {
|
|
||||||
*pconstr = CONSTR_MASK;
|
*pconstr = CONSTR_MASK;
|
||||||
for(; el != nil; el = el->tl) {
|
for(; el != nil; el = el->tl) {
|
||||||
err = enc(&p, el->hd, lenonly);
|
err = enc(&p, el->hd, lenonly);
|
||||||
if(err != ASN_OK)
|
if(err != ASN_OK)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UTF8String:
|
case UTF8String:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue