				@@ -585,6 +585,8 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, 
				                            const char *cname_sign, 
				                            unsigned int cert_lifetime) 
				 { 
				+  /* OpenSSL generates self-signed certificates with random 64-bit serial 
				+   * numbers, so let's do that too. */ 
				 #define SERIAL_NUMBER_SIZE 8 
				  
				   time_t start_time, end_time; 
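Review bot: The comment added above `#define SERIAL_NUMBER_SIZE 8` says what is copied from OpenSSL but not why, nor which OpenSSL version it refers to, so a later reader cannot tell whether the size is a security parameter or a look-alike choice. I would state the intent in the comment, e.g. `/* Use a random 64-bit serial, as OpenSSL (<version: TODO>) does for self-signed certs, so ours have the same shape. */`. If matching OpenSSL's output is the goal (the hunk does not say), note that 8 bytes from crypto_rand() passed through BN_bin2bn() leave the top bit and any leading zero bytes to chance, so the encoded serial's length can vary; that should be compared with how the referenced OpenSSL code sets the top bit. In the second hunk, which only re-indents the serial block, the comment `/* our serial number is 8 random bytes. */` hard-codes the size and could name SERIAL_NUMBER_SIZE instead. The function body starts and ends outside both hunks, so the declaration of serial_tmp is not visible here.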
				@@ -612,12 +614,12 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, 
				     goto error; 
				  
				   { /* our serial number is 8 random bytes. */ 
				-  if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0) 
				-    goto error; 
				-  if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) 
				-    goto error; 
				-  if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) 
				-    goto error; 
				+    if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0) 
				+      goto error; 
				+    if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) 
				+      goto error; 
				+    if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) 
				+      goto error; 
				   } 
				  
				   if (!(name = tor_x509_name_new(cname))) 