From: Adam Langley <agl@golang.org>
Date: Wed, 17 Aug 2016 20:15:28 +0000 (-0700)
Subject: crypto/x509: return error for missing SerialNumber.
X-Git-Tag: go1.8beta1~1804
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=b23b9a762c4f876a9f7575fa512074a386e3c6e1;p=gostls13.git

crypto/x509: return error for missing SerialNumber.

If the SerialNumber is nil in the template then the resulting panic is
rather deep in encoding/asn1 and it's not obvious what went wrong.

This change tests and returns a more helpful error in this case.

Fixes #16603.

Change-Id: Ib30d652555191eb78f705dff8d909e4b5808f9ca
Reviewed-on: https://go-review.googlesource.com/27238
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 9ad3cf23f6..a514c06666 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -1577,6 +1577,10 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
 		return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
 	}
 
+	if template.SerialNumber == nil {
+		return nil, errors.New("x509: no SerialNumber given")
+	}
+
 	hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
 	if err != nil {
 		return nil, err