pki: Don't generate negative random serial numbers in X.509 certificates

According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
Martin Willi 2014-02-05 11:05:28 +01:00
parent 0226ca886d
commit e49197f15e
2 changed files with 2 additions and 0 deletions


@ -363,6 +363,7 @@ static int issue()
rng->destroy(rng);
goto end;
}
serial.ptr[0] &= 0x7F;
rng->destroy(rng);
}
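Review bot: The added `serial.ptr[0] &= 0x7F;` in issue() has no comment saying why the top bit is cleared, and the mask silently costs one bit of randomness. I would add `/* clear the MSB so the DER INTEGER is non-negative, RFC 5280 4.1.2.2 */` above it. If the serial is only 8 bytes long (the allocation is outside this hunk), 63 random bits remain, which is below the 64 bits of CSPRNG output that some CA policies require; allocating one more byte would keep the margin. The same line is added in self(), so a small shared helper would keep the two call sites from drifting apart.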


@ -314,6 +314,7 @@ static int self()
rng->destroy(rng);
goto end;
}
serial.ptr[0] &= 0x7F;
rng->destroy(rng);
}
not_before = time(NULL);
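Review bot: After the mask in self(), the first serial byte is 0x00 whenever the RNG returned 0x00 or 0x80 there, and the new code does not handle that case. RFC 5280 4.1.2.2 asks for a positive serial, and a leading zero octet followed by a byte below 0x80 is not a minimal DER INTEGER unless the encoder strips it; the encoding code is not visible here, so this needs checking. If it does not normalise, skipping leading zero bytes before the serial is used (or redrawing when `serial.ptr[0] == 0`) would avoid it. The same applies to the identical line in issue(), and self() continues past the end of this hunk.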