x509: encode empty sequence as constructed

According to the ASN.1 BER spec, we should be encoding
all sequences (including empty ones) as constructed:

	8.9.1 The encoding of a sequence value shall be constructed.
	8.10.1 The encoding of a sequence-of value shall be constructed.
	8.11.1 The encoding of a set value shall be constructed.
	8.12.1 The encoding of a set-of value shall be constructed.

However, we were only setting them as constructed when the
list was non-empty.

This changes it, and makes letsencrypt happy with the CSRs that
we generate.

diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c
index 91f79bbaea2a89ef77a9e46242fe50a4277abb89..84ced1374bb49a53cb51b692df98546b9b9b1121 100644 (file)
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -1025,13 +1025,11 @@ val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
                        el = e.val.u.setval;
                else
                        err = ASN_EINVAL;
-               if(el != nil) {
-                       *pconstr = CONSTR_MASK;
-                       for(; el != nil; el = el->tl) {
-                               err = enc(&p, el->hd, lenonly);
-                               if(err != ASN_OK)
-                                       break;
-                       }
+               *pconstr = CONSTR_MASK;
+               for(; el != nil; el = el->tl) {
+                       err = enc(&p, el->hd, lenonly);
+                       if(err != ASN_OK)
+                               break;
                }
                break;