x509: encode empty sequence as constructed

According to the ASN.1 BER spec, we should be encoding all sequences (including empty ones) as constructed: 8.9.1 The encoding of a sequence value shall be constructed. 8.10.1 The encoding of a sequence-of value shall be constructed. 8.11.1 The encoding of a set value shall be constructed. 8.12.1 The encoding of a set-of value shall be constructed. However, we were only setting them as constructed when the list was non-empty. This changes it, and makes letsencrypt happy with the CSRs that we generate.
author: Ori Bernstein <ori@eigenstate.org> 2021-08-09 15:33:16 +0000
committer: Ori Bernstein <ori@eigenstate.org> 2021-08-09 15:33:16 +0000
commit: c6a9c55de7e5d1d510a717cffd42648d249269db (patch)
tree: 711ddf9fa4a13446013e3cccb073de4f6460bb0c
parent: 3909b83a90ff0c820ef7c903a03fc12b043ebfea (diff)
download: plan9front-c6a9c55de7e5d1d510a717cffd42648d249269db.tar.xz
1 files changed, 5 insertions, 7 deletions
diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c
index 91f79bbae..84ced1374 100644
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -1025,13 +1025,11 @@ val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
 			el = e.val.u.setval;
 		else
 			err = ASN_EINVAL;
-		if(el != nil) {
-			*pconstr = CONSTR_MASK;
-			for(; el != nil; el = el->tl) {
-				err = enc(&p, el->hd, lenonly);
-				if(err != ASN_OK)
-					break;
-			}
+		*pconstr = CONSTR_MASK;
+		for(; el != nil; el = el->tl) {
+			err = enc(&p, el->hd, lenonly);
+			if(err != ASN_OK)
+				break;
 		}
 		break;
author	Ori Bernstein <ori@eigenstate.org>	2021-08-09 15:33:16 +0000
committer	Ori Bernstein <ori@eigenstate.org>	2021-08-09 15:33:16 +0000
commit	c6a9c55de7e5d1d510a717cffd42648d249269db (patch)
tree	711ddf9fa4a13446013e3cccb073de4f6460bb0c
parent	3909b83a90ff0c820ef7c903a03fc12b043ebfea (diff)
download	plan9front-c6a9c55de7e5d1d510a717cffd42648d249269db.tar.xz