From b23b9a762c4f876a9f7575fa512074a386e3c6e1 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Wed, 17 Aug 2016 13:15:28 -0700
Subject: [PATCH] crypto/x509: return error for missing SerialNumber.

If the SerialNumber is nil in the template then the resulting panic is
rather deep in encoding/asn1 and it's not obvious what went wrong.

This change tests and returns a more helpful error in this case.

Fixes #16603.

Change-Id: Ib30d652555191eb78f705dff8d909e4b5808f9ca
Reviewed-on: https://go-review.googlesource.com/27238
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 src/crypto/x509/x509.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 9ad3cf23f6..a514c06666 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -1577,6 +1577,10 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
 		return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
 	}
 
+	if template.SerialNumber == nil {
+		return nil, errors.New("x509: no SerialNumber given")
+	}
+
 	hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
 	if err != nil {
 		return nil, err
-- 
2.48.1