commit 3c89dca09e4445ef0748be201609cabd9bc4ed03
author Hanno Becker <hanno.becker@arm.com> Thu Oct 05 07:39:45 2017 +0100
committer Hanno Becker <hanno.becker@arm.com> Thu Oct 05 07:39:45 2017 +0100
tree 872313c6126431a0c443328b3a58bbedaeb4c1d0
parent 234d503b3abcdd4a7bb2c14867332cab86a4fda3

Omit version from X.509 v1 certificates

The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.

library/x509write_crt.c

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 1d9f0d2..b644995 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -385,16 +385,20 @@
     /*
      *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
      */
-    sub_len = 0;
-    ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
-    len += sub_len;
-    ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
-    ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
-                                                    ASN1_CONSTRUCTED | 0 ) );
+
+    if( ctx->version != X509_CRT_VERSION_1 )
+    {
+        sub_len = 0;
+        ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
+        len += sub_len;
+        ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
+        ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
+                                           ASN1_CONSTRUCTED | 0 ) );
+    }
 
     ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
     ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
-                                                    ASN1_SEQUENCE ) );
+                                       ASN1_SEQUENCE ) );
 
     /*
      * Make signature