authorJo-Philipp Wich <jow@openwrt.org>2014-11-03 18:12:42 +0000
committerJo-Philipp Wich <jow@openwrt.org>2014-11-03 18:12:42 +0000
commit0ceece4c82490197d5cefe11fa640c3a51159322 (patch)
tree2c17ab9bc94c126b105b796e39865d82ca57415c /package
parent74a3a77bcd6842b03806dcbdcd49e0bce8767174 (diff)
px5g: generate unique serial numbers
Generate a random serial from /dev/urandom when creating selfsigned certs. Fixes "sec_error_reused_issuer_and_serial" with Firefox. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43168
Diffstat (limited to 'package')
-rw-r--r--package/utils/px5g/Makefile4
-rw-r--r--package/utils/px5g/px5g.c8
2 files changed, 8 insertions, 4 deletions
diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index 9c0caa7b8d..df2a170d84 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
PKG_USE_MIPS16:=0
diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c
index 6b977081e1..633aa51361 100644
--- a/package/utils/px5g/px5g.c
+++ b/package/utils/px5g/px5g.c
@@ -143,7 +143,7 @@ int selfsigned(char **arg)
char *keypath = NULL, *certpath = NULL;
bool pem = true;
time_t from = time(NULL), to;
- char fstr[20], tstr[20];
+ char fstr[20], tstr[20], sstr[17];
int len;
while (*arg && **arg == '-') {
@@ -222,8 +222,12 @@ int selfsigned(char **arg)
x509write_crt_set_subject_key_identifier(&cert);
x509write_crt_set_authority_key_identifier(&cert);
+ _urandom(NULL, buf, 8);
+ for (len = 0; len < 8; len++)
+ sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
+
mpi_init(&serial);
- mpi_read_string(&serial, 10, "1");
+ mpi_read_string(&serial, 16, sstr);
x509write_crt_set_serial(&cert, &serial);
if (pem) {
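Review bot: The result of `_urandom(NULL, buf, 8)` is never checked before the eight bytes are hex-encoded into `sstr`, so a failed or short read from /dev/urandom would build the serial from whatever `buf` already held and the certificate could silently reuse an earlier issuer/serial pair. `_urandom` and `buf` are declared outside this hunk, so the return convention needs confirming; if it can report failure, abort certificate generation there instead of continuing, and likewise test the return value of `mpi_read_string(&serial, 16, sstr)` before calling `x509write_crt_set_serial`. The `sprintf` fits `sstr[17]` exactly (8 × 2 hex digits plus the terminator), but only by coincidence of two literals; `snprintf(sstr + len*2, sizeof(sstr) - len*2, "%02x", (unsigned char) buf[len]);` keeps the bound tied to the declaration. Reusing `len` as the loop counter works, though a comment such as `/* 64-bit random serial, hex-encoded for mpi_read_string() */` above the loop would make the intent clear.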