From 02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Tue, 6 Dec 2011 16:42:48 -0500
Subject: [PATCH] crypto/x509: if a parent cert has a raw subject, use it.

This avoids a problem when creating certificates with parents that
were produce by other code: the Go structures don't contain all the
information about the various ASN.1 string types etc and so that
information would otherwise be lost.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5453067
---
 src/pkg/crypto/x509/x509.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 7e6b5c96f5..65ca315800 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -927,10 +927,15 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.P
 		return
 	}
 
-	asn1Issuer, err := asn1.Marshal(parent.Subject.ToRDNSequence())
-	if err != nil {
-		return
+	var asn1Issuer []byte
+	if len(parent.RawSubject) > 0 {
+		asn1Issuer = parent.RawSubject
+	} else {
+		if asn1Issuer, err = asn1.Marshal(parent.Subject.ToRDNSequence()); err != nil {
+			return
+		}
 	}
+
 	asn1Subject, err := asn1.Marshal(template.Subject.ToRDNSequence())
 	if err != nil {
 		return
-- 
2.48.1