diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-01-25 23:56:02 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-01-25 23:56:02 +0000 |
commit | 244e1a767ca1b67893bdc5ac5394639c0573ed6a (patch) | |
tree | a43f7b69efeaaa678e1c52a60132202b06491141 /package/utils/px5g/px5g.c | |
parent | 4c96c10525d34e355891aae1c49eb25e4a3af87f (diff) | |
download | upstream-244e1a767ca1b67893bdc5ac5394639c0573ed6a.tar.gz upstream-244e1a767ca1b67893bdc5ac5394639c0573ed6a.tar.bz2 upstream-244e1a767ca1b67893bdc5ac5394639c0573ed6a.zip |
BB: px5g: generate unique serial numbers
Generate a random serial from /dev/urandom when creating selfsigned certs.
Fixes "sec_error_reused_issuer_and_serial" with Firefox.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r43168
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44151 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/utils/px5g/px5g.c')
-rw-r--r-- | package/utils/px5g/px5g.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c index 6b977081e1..633aa51361 100644 --- a/package/utils/px5g/px5g.c +++ b/package/utils/px5g/px5g.c @@ -143,7 +143,7 @@ int selfsigned(char **arg) char *keypath = NULL, *certpath = NULL; bool pem = true; time_t from = time(NULL), to; - char fstr[20], tstr[20]; + char fstr[20], tstr[20], sstr[17]; int len; while (*arg && **arg == '-') { @@ -222,8 +222,12 @@ int selfsigned(char **arg) x509write_crt_set_subject_key_identifier(&cert); x509write_crt_set_authority_key_identifier(&cert); + _urandom(NULL, buf, 8); + for (len = 0; len < 8; len++) + sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); + mpi_init(&serial); - mpi_read_string(&serial, 10, "1"); + mpi_read_string(&serial, 16, sstr); x509write_crt_set_serial(&cert, &serial); if (pem) { |