From: Ori Bernstein Date: Mon, 9 Aug 2021 15:33:16 +0000 (+0000) Subject: x509: encode empty sequence as constructed X-Git-Url: https://git.lizzy.rs/?a=commitdiff_plain;h=c6a9c55de7e5d1d510a717cffd42648d249269db;p=plan9front.git x509: encode empty sequence as constructed According to the ASN.1 BER spec, we should be encoding all sequences (including empty ones) as constructed: 8.9.1 The encoding of a sequence value shall be constructed. 8.10.1 The encoding of a sequence-of value shall be constructed. 8.11.1 The encoding of a set value shall be constructed. 8.12.1 The encoding of a set-of value shall be constructed. However, we were only setting them as constructed when the list was non-empty. This changes it, and makes letsencrypt happy with the CSRs that we generate. --- diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c index 91f79bbae..84ced1374 100644 --- a/sys/src/libsec/port/x509.c +++ b/sys/src/libsec/port/x509.c @@ -1025,13 +1025,11 @@ val_enc(uchar** pp, Elem e, int *pconstr, int lenonly) el = e.val.u.setval; else err = ASN_EINVAL; - if(el != nil) { - *pconstr = CONSTR_MASK; - for(; el != nil; el = el->tl) { - err = enc(&p, el->hd, lenonly); - if(err != ASN_OK) - break; - } + *pconstr = CONSTR_MASK; + for(; el != nil; el = el->tl) { + err = enc(&p, el->hd, lenonly); + if(err != ASN_OK) + break; } break;
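Review bot: in the val_enc hunk, the now-unconditional `*pconstr = CONSTR_MASK;` also runs on the `else err = ASN_EINVAL;` path directly above it, so the out-parameter is written even when the element is neither a sequence nor a set. The `for` loop is likewise not gated on `err`. Either guard both with `if(err == ASN_OK)`, or confirm that every caller discards `*pconstr` when a non-OK status is returned. It is also worth a one-line comment at the assignment citing the X.690 clauses from the commit message (8.9.1, 8.10.1, 8.11.1, 8.12.1), so the `el != nil` guard is not reintroduced later as a cleanup. Finally, a regression check that an empty SEQUENCE encodes with the constructed bit set (identifier octet 0x30, length 0) would lock in the behaviour the CSR consumer depends on.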