diff --git a/lib/modules/Standards.pmod/X509.pmod b/lib/modules/Standards.pmod/X509.pmod
index a3a9756a497bc0a5daa2cfdf1644efb53a03a567..26205060f93510eb0a240464b8c949f4b0c0e7f8 100644
--- a/lib/modules/Standards.pmod/X509.pmod
+++ b/lib/modules/Standards.pmod/X509.pmod
@@ -926,8 +926,15 @@ class TBSCertificate
 if( o->type_name!="SEQUENCE" )
 return 0;
 Sequence s = [object(Sequence)]o;
- if( sizeof(s)<1 || sizeof(s)>2 || s[0]->type_name!="BOOLEAN" )
+ if( sizeof(s)==0 )
+ {
+ ext_basicConstraints = 1;
+ ext_basicConstraints_cA = 0;
+ return 1;
+ }
+ if( sizeof(s)>2 || s[0]->type_name!="BOOLEAN" )
 return 0;
+
 if( sizeof(s)==2 )
 {
 if( s[1]->type_name!="INTEGER" || s[0]->value==0 || s[1]->value<0 )
@@ -937,6 +944,9 @@ class TBSCertificate
 // isn't set in key usage. We need to check that at a higher
 // level though.
 }
+ else
+ ext_basicConstraints_pathLenConstraint = 0;
+
 ext_basicConstraints = 1;
 ext_basicConstraints_cA = s[0]->value;
 return 1;
@@ -1284,7 +1294,7 @@ string make_selfsigned_certificate(Crypto.Sign c, int ttl,
 add("subjectKeyIdentifier", OctetString( Crypto.SHA1.hash(c->pkcs_public_key()->get_der()) ));
 add("keyUsage", build_keyUsage(KU_digitalSignature|KU_keyEncipherment), 1);
- add("basicConstraints", Sequence(({Boolean(0)})), 1);
+ add("basicConstraints", Sequence(({})), 1);
 return sign_key(dn, c, c, h||Crypto.SHA256, dn, serial, ttl, extensions);
 }
@@ -1309,7 +1319,7 @@ string make_site_certificate(TBSCertificate ca, Crypto.Sign ca_key,
 if(!extensions) extensions = ([]);
 // FIXME: authorityKeyIdentifier
 add("keyUsage", build_keyUsage(KU_digitalSignature|KU_keyEncipherment), 1);
- add("basicConstraints", Sequence(({Boolean(0)})), 1);
+ add("basicConstraints", Sequence(({})), 1);
 return sign_key(ca->subject, c, ca_key, h||Crypto.SHA256, dn, serial, ttl, extensions);
 }
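Review bot: The new `sizeof(s)==0` early return sets `ext_basicConstraints` and `ext_basicConstraints_cA` but leaves `ext_basicConstraints_pathLenConstraint` untouched, while the one-element path in the following hunk now resets it. If the same object is ever parsed more than once, or the field does not start at zero, an empty extension would keep a stale path length. Adding `ext_basicConstraints_pathLenConstraint = 0;` inside the block would make all three paths agree. The function's signature and the field declarations are outside the hunk, so the initial value cannot be confirmed from here.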
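Review bot: The added `else` branch stores 0 for an absent pathLenConstraint, but the check just above only rejects `s[1]->value<0`, so an explicitly encoded 0 is also accepted and the two cases become indistinguishable after parsing. RFC 5280 treats an absent pathLenConstraint as "no limit" and 0 as "no further intermediate CA", so whichever meaning the chain-verification code (not visible here) gives to 0, the other case is judged wrongly. A value that cannot come from a certificate, for example `ext_basicConstraints_pathLenConstraint = -1;`, or a separate presence flag, would keep them apart, provided the consumers are updated to match. The function begins before this hunk and its closing brace is outside it.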
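Review bot: The bare `Sequence(({}))` in make_selfsigned_certificate reads like a forgotten argument, and nothing on the line says that the empty body is deliberate. A comment above it would record the reason, e.g. `// cA is DEFAULT FALSE and DER omits default values, so the SEQUENCE is empty.` The identical line in make_site_certificate (the next hunk) wants the same comment. Both function bodies start outside their hunks.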
diff --git a/lib/modules/Standards.pmod/testsuite.in b/lib/modules/Standards.pmod/testsuite.in
index d45ec6d674cb16fe0019767b3890c58df9787f13..1efab73df27e9301fc66e5366157066a5a581e9d 100644
--- a/lib/modules/Standards.pmod/testsuite.in
+++ b/lib/modules/Standards.pmod/testsuite.in
@@ -268,7 +268,7 @@ test_any_equal([[
 "extensions" : ([
 Standards.ASN1.Types.Identifier(2,5,29,14): "\4\24\214\366\177.l>\273\345\317\361z\262""4\366.\264\346B|K",
 Standards.ASN1.Types.Identifier(2,5,29,15): "\3\2\5\240",
- Standards.ASN1.Types.Identifier(2,5,29,19): "0\3\1\1\0"
+ Standards.ASN1.Types.Identifier(2,5,29,19): "0\0"
 ]),
 "public_key": 1,
 ]) ]])
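Review bot: The updated expectation `"0\0"` pins only the encoder side of the change; nothing visible in this hunk feeds an empty basicConstraints SEQUENCE back through the parser that X509.pmod now accepts. A decode test asserting `ext_basicConstraints == 1` and `ext_basicConstraints_cA == 0` for that encoding, plus one for a one-element SEQUENCE, would cover the new early return and the new `else` branch. The test_any_equal block starts and ends outside the hunk, so such a case may already exist elsewhere in the file.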