From: Adam Langley <agl@golang.org>
Date: Tue, 6 Dec 2011 21:42:48 +0000 (-0500)
Subject: crypto/x509: if a parent cert has a raw subject, use it.
X-Git-Tag: weekly.2011-12-06~8
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72;p=gostls13.git

crypto/x509: if a parent cert has a raw subject, use it.

This avoids a problem when creating certificates with parents that
were produce by other code: the Go structures don't contain all the
information about the various ASN.1 string types etc and so that
information would otherwise be lost.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5453067
---

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 7e6b5c96f5..65ca315800 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -927,10 +927,15 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.P
 		return
 	}
 
-	asn1Issuer, err := asn1.Marshal(parent.Subject.ToRDNSequence())
-	if err != nil {
-		return
+	var asn1Issuer []byte
+	if len(parent.RawSubject) > 0 {
+		asn1Issuer = parent.RawSubject
+	} else {
+		if asn1Issuer, err = asn1.Marshal(parent.Subject.ToRDNSequence()); err != nil {
+			return
+		}
 	}
+
 	asn1Subject, err := asn1.Marshal(template.Subject.ToRDNSequence())
 	if err != nil {
 		return