we don't accept a serial number with leading zeroes
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 14 Mar 2010 18:41:40 +0000 (19:41 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 14 Mar 2010 18:41:40 +0000 (19:41 +0100)
src/pki/commands/issue.c
src/pki/commands/self.c

index 07ab906..abd61b7 100644 (file)
@@ -212,6 +212,11 @@ static int issue()
                        goto end;
                }
                rng->allocate_bytes(rng, 8, &serial);
+               while (*serial.ptr == 0x00)
+               {
+                       /* we don't accept a serial number with leading zeroes */
+                       rng->get_bytes(rng, 1, serial.ptr);
+               }
                rng->destroy(rng);
        }
 
index 30ae23b..d283daa 100644 (file)
@@ -158,6 +158,11 @@ static int self()
                        goto end;
                }
                rng->allocate_bytes(rng, 8, &serial);
+               while (*serial.ptr == 0x00)
+               {
+                       /* we don't accept a serial number with leading zeroes */
+                       rng->get_bytes(rng, 1, serial.ptr);
+               }
                rng->destroy(rng);
        }
        not_before = time(NULL);