crypto/x509: if a parent cert has a raw subject, use it.

This avoids a problem when creating certificates with parents that were produce by other code: the Go structures don't contain all the information about the various ASN.1 string types etc and so that information would otherwise be lost. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5453067
author: Adam Langley <agl@golang.org> 2011-12-06 16:42:48 -0500
committer: Adam Langley <agl@golang.org> 2011-12-06 16:42:48 -0500
commit: 02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72 (patch)
tree: 99db9c485d304682c3b1ab429e10d4df25e13fd7
parent: ee8b597b1f1ffa634189cdd8ab23f976f65dab7f (diff)
download: go-02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72.tar.gz
go-02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 7e6b5c96f5..65ca315800 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -927,10 +927,15 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.P
 		return
 	}
 
-	asn1Issuer, err := asn1.Marshal(parent.Subject.ToRDNSequence())
-	if err != nil {
-		return
+	var asn1Issuer []byte
+	if len(parent.RawSubject) > 0 {
+		asn1Issuer = parent.RawSubject
+	} else {
+		if asn1Issuer, err = asn1.Marshal(parent.Subject.ToRDNSequence()); err != nil {
+			return
+		}
 	}
+
 	asn1Subject, err := asn1.Marshal(template.Subject.ToRDNSequence())
 	if err != nil {
 		return
author	Adam Langley <agl@golang.org>	2011-12-06 16:42:48 -0500
committer	Adam Langley <agl@golang.org>	2011-12-06 16:42:48 -0500
commit	02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72 (patch)
tree	99db9c485d304682c3b1ab429e10d4df25e13fd7
parent	ee8b597b1f1ffa634189cdd8ab23f976f65dab7f (diff)
download	go-02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72.tar.gz go-02d1dae1069f881ea6b53ecc3cbf3bbe3ac40a72.zip