crypto/x509: return error for missing SerialNumber.

If the SerialNumber is nil in the template then the resulting panic is rather deep in encoding/asn1 and it's not obvious what went wrong. This change tests and returns a more helpful error in this case. Fixes #16603. Change-Id: Ib30d652555191eb78f705dff8d909e4b5808f9ca Reviewed-on: https://go-review.googlesource.com/27238Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

crypto/x509: return error for missing SerialNumber.
If the SerialNumber is nil in the template then the resulting panic is rather deep in encoding/asn1 and it's not obvious what went wrong. This change tests and returns a more helpful error in this case. Fixes #16603. Change-Id: Ib30d652555191eb78f705dff8d909e4b5808f9ca Reviewed-on: https://go-review.googlesource.com/27238Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
b23b9a76 · Adam Langley · c2322b7e · b23b9a76
Commit b23b9a76 authored Aug 17, 2016 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

src/crypto/x509/x509.go src/crypto/x509/x509.go +4 -0

No files found.
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -1577,6 +1577,10 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
 		return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
 	}
+	if template.SerialNumber == nil {
+		return nil, errors.New("x509: no SerialNumber given")
+	}
 	hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
 	if err != nil {
 		return nil, err