ref: c6a9c55de7e5d1d510a717cffd42648d249269db
parent: 3909b83a90ff0c820ef7c903a03fc12b043ebfea
author: Ori Bernstein <[email protected]>
date: Mon Aug 9 11:33:16 EDT 2021
x509: encode empty sequence as constructed According to the ASN.1 BER spec, we should be encoding all sequences (including empty ones) as constructed: 8.9.1 The encoding of a sequence value shall be constructed. 8.10.1 The encoding of a sequence-of value shall be constructed. 8.11.1 The encoding of a set value shall be constructed. 8.12.1 The encoding of a set-of value shall be constructed. However, we were only setting them as constructed when the list was non-empty. This changes it, and makes letsencrypt happy with the CSRs that we generate.
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -1025,13 +1025,11 @@
el = e.val.u.setval;
else
err = ASN_EINVAL;
- if(el != nil) {
- *pconstr = CONSTR_MASK;
- for(; el != nil; el = el->tl) {
- err = enc(&p, el->hd, lenonly);
- if(err != ASN_OK)
- break;
- }
+ *pconstr = CONSTR_MASK;
+ for(; el != nil; el = el->tl) {
+ err = enc(&p, el->hd, lenonly);
+ if(err != ASN_OK)
+ break;
}
break;
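Review bot: The now-unconditional `*pconstr = CONSTR_MASK;` carries no comment explaining why an empty list must still be marked constructed, so a later cleanup could easily bring back the `el != nil` guard and with it the encoding that strict parsers reject. I would add `/* X.690 8.9.1-8.12.1: sequence and set encodings are always constructed, even when empty */` directly above the assignment. The assignment and the loop also run on the `err = ASN_EINVAL` path now; that looks harmless only if `el` is nil there, which depends on an initialisation outside this hunk, so wrapping both in `if(err == ASN_OK)` would stop a later `enc()` result from overwriting the error. The enclosing function starts and ends outside the hunk.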