Gitweb:
https://git.exim.org/exim.git/commitdiff/1613fd68b5931757016c3c25fdc3b0f37827e7f1
Commit: 1613fd68b5931757016c3c25fdc3b0f37827e7f1
Parent: c59b09dc16145178a29850e7bda7d6bc6dedbc58
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu May 24 16:28:20 2018 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu May 24 16:28:20 2018 +0100
Use serial number 1 for self-generated selfsigned certificate
Broken-by: 23bb69826c
---
doc/doc-txt/ChangeLog | 3 +++
src/src/tls-gnu.c | 2 +-
src/src/tls-openssl.c | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e4d1719..261c5652 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -43,6 +43,9 @@ JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and
JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting
$sender_verify_failure/$recipient_verify_failure to "random".
+JH/08 When generating a selfsigned cert, use serial number 1 since zero is not
+ legitimate.
+
Exim version 4.91
-----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 35816cd..08c1d93 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -790,7 +790,7 @@ if ((rc = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_RSA,
goto err;
where = US"configuring cert";
-now = 0;
+now = 1;
if ( (rc = gnutls_x509_crt_set_version(cert, 3))
|| (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
|| (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e69b64c..db48c94 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1000,7 +1000,7 @@ if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
X509_set_version(x509, 2); /* N+1 - version 3 */
-ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
+ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60); /* 1 hour */
X509_set_pubkey(x509, pkey);
