Reject empty generation strings. Reported by Hanno Böck <hanno@hboeck.de> Reviewed-by: Rich Salz <rsalz@openssl.org>