crypto/x509: return error for missing SerialNumber.
authorAdam Langley <agl@golang.org>
Wed, 17 Aug 2016 20:15:28 +0000 (13:15 -0700)
committerAdam Langley <agl@golang.org>
Wed, 17 Aug 2016 23:23:18 +0000 (23:23 +0000)
If the SerialNumber is nil in the template then the resulting panic is
rather deep in encoding/asn1 and it's not obvious what went wrong.

This change tests and returns a more helpful error in this case.

Fixes #16603.

Change-Id: Ib30d652555191eb78f705dff8d909e4b5808f9ca
Reviewed-on: https://go-review.googlesource.com/27238
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/x509/x509.go

index 9ad3cf23f655a9c3ee25665162cc7f951e1e65c9..a514c06666a445de9b676778ef6b5fafba67820f 100644 (file)
@@ -1577,6 +1577,10 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
                return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
        }
 
+       if template.SerialNumber == nil {
+               return nil, errors.New("x509: no SerialNumber given")
+       }
+
        hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
        if err != nil {
                return nil, err
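Review bot: The new guard at `if template.SerialNumber == nil` rejects only a missing serial, so a zero or negative `*big.Int` still passes through and is encoded into the certificate. RFC 5280 section 4.1.2.2 requires the serial number to be a positive integer, so it may be worth extending the check with something like `if template.SerialNumber.Sign() <= 0 { return nil, errors.New("x509: serial number must be positive") }`, provided existing callers do not rely on such values. The doc comment of CreateCertificate starts outside this hunk; if it lists the template fields that are used, it should state that SerialNumber is required and that an error is returned when it is nil. No test for the new error path is visible in this view, so a small case that calls CreateCertificate with a template lacking SerialNumber and asserts a non-nil error instead of a panic would pin the behaviour.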