crypto/x509: if a parent cert has a raw subject, use it.

This avoids a problem when creating certificates with parents that
were produce by other code: the Go structures don't contain all the
information about the various ASN.1 string types etc and so that
information would otherwise be lost.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5453067

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 7e6b5c96f536c722e0c49c778f0872eb4720f9ab..65ca31580035595f1a9d417f8276b97c86281dc6 100644 (file)
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -927,10 +927,15 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.P
                return
        }
 
-       asn1Issuer, err := asn1.Marshal(parent.Subject.ToRDNSequence())
-       if err != nil {
-               return
+       var asn1Issuer []byte
+       if len(parent.RawSubject) > 0 {
+               asn1Issuer = parent.RawSubject
+       } else {
+               if asn1Issuer, err = asn1.Marshal(parent.Subject.ToRDNSequence()); err != nil {
+                       return
+               }
        }
+
        asn1Subject, err := asn1.Marshal(template.Subject.ToRDNSequence())
        if err != nil {
                return