According to the ASN.1 BER spec, we should be encoding
all sequences (including empty ones) as constructed:
8.9.1 The encoding of a sequence value shall be constructed.
8.10.1 The encoding of a sequence-of value shall be constructed.
8.11.1 The encoding of a set value shall be constructed.
8.12.1 The encoding of a set-of value shall be constructed.
However, we were only setting them as constructed when the
list was non-empty.
This changes it, and makes letsencrypt happy with the CSRs that
we generate.
el = e.val.u.setval;
else
err = ASN_EINVAL;
- if(el != nil) {
- *pconstr = CONSTR_MASK;
- for(; el != nil; el = el->tl) {
- err = enc(&p, el->hd, lenonly);
- if(err != ASN_OK)
- break;
- }
+ *pconstr = CONSTR_MASK;
+ for(; el != nil; el = el->tl) {
+ err = enc(&p, el->hd, lenonly);
+ if(err != ASN_OK)
+ break;
}
break;