[exim-cvs] Use serial number 1 for self-generated selfsigned…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Use serial number 1 for self-generated selfsigned certificate
Gitweb: https://git.exim.org/exim.git/commitdiff/1613fd68b5931757016c3c25fdc3b0f37827e7f1
Commit:     1613fd68b5931757016c3c25fdc3b0f37827e7f1
Parent:     c59b09dc16145178a29850e7bda7d6bc6dedbc58
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu May 24 16:28:20 2018 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu May 24 16:28:20 2018 +0100


    Use serial number 1 for self-generated selfsigned certificate


    Broken-by: 23bb69826c
---
 doc/doc-txt/ChangeLog | 3 +++
 src/src/tls-gnu.c     | 2 +-
 src/src/tls-openssl.c | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e4d1719..261c5652 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -43,6 +43,9 @@ JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and
 JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting
       $sender_verify_failure/$recipient_verify_failure to "random".


+JH/08 When generating a selfsigned cert, use serial number 1 since zero is not
+      legitimate.
+


Exim version 4.91
-----------------
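Review bot: the JH/08 entry asserts that zero "is not legitimate" without saying where that requirement comes from; a pointer to RFC 5280 section 4.1.2.2 (the serial number MUST be a positive integer) would let readers of the ChangeLog see why this is a correctness fix rather than a cosmetic one. The commit trailer also records that this regressed in 23bb69826c, and the neighbouring entries (JH/06, JH/07) each cite the bug or change they relate to, so the entry should mention that it repairs the regression introduced by that commit.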
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 35816cd..08c1d93 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -790,7 +790,7 @@ if ((rc = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_RSA,
goto err;

 where = US"configuring cert";
-now = 0;
+now = 1;
 if (  (rc = gnutls_x509_crt_set_version(cert, 3))
    || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
    || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
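Review bot: at the `gnutls_x509_crt_set_serial(cert, &now, sizeof(now))` call the serial is taken from the `now` variable, which the next line assigns with `time(NULL)`, so it is a time_t-sized integer passed as an opaque `sizeof(now)`-byte buffer; gnutls treats that buffer as a big-endian positive number, so on a little-endian host the encoded serial is the byte 0x01 followed by `sizeof(now) - 1` zero bytes, not the value 1 the commit title describes. With the old value of 0 the result was zero on every host, and with 1 it is at least non-zero and positive on every host, so the fix is sound, but a dedicated one-byte buffer would make the encoded value match the intent and stop overloading the time variable, e.g. `unsigned char serial = 1;` followed by `gnutls_x509_crt_set_serial(cert, &serial, sizeof(serial))`.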
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e69b64c..db48c94 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1000,7 +1000,7 @@ if (!EVP_PKEY_assign_RSA(pkey, rsa))
   goto err;


 X509_set_version(x509, 2);                /* N+1 - version 3 */
-ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
+ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
 X509_gmtime_adj(X509_get_notBefore(x509), 0);
 X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60);    /* 1 hour */
 X509_set_pubkey(x509, pkey);
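Review bot: `ASN1_INTEGER_set(X509_get_serialNumber(x509), 1)` is the right call for a small positive serial, but its return value is ignored, as are those of the surrounding `X509_set_version`, `X509_gmtime_adj` and `X509_set_pubkey` calls, whereas the GnuTLS side of this commit chains every setter through `rc` and jumps to `err`; it would be worth folding these into the same `if (!... ) goto err;` pattern. Note also that every self-generated certificate now carries issuer + serial 1, which RFC 5280 expects to be unique per issuer; given the one-hour lifetime set two lines below and that the certificate is only a fallback, that is an acceptable trade-off, but a one-line comment at the `ASN1_INTEGER_set` call stating it is deliberate would pre-empt the question.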