mirror of https://github.com/hak5/openwrt.git
px5g: generate unique serial numbers
Generate a random serial from /dev/urandom when creating selfsigned certs. Fixes "sec_error_reused_issuer_and_serial" with Firefox.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43168

lede-17.01
parent
74a3a77bcd
commit
0ceece4c82
|
@ -1,5 +1,5 @@
|
||||||
#
|
#
|
||||||
# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
|
# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
|
||||||
#
|
#
|
||||||
# This is free software, licensed under the GNU General Public License v2.
|
# This is free software, licensed under the GNU General Public License v2.
|
||||||
# See /LICENSE for more information.
|
# See /LICENSE for more information.
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=px5g
|
PKG_NAME:=px5g
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=2
|
||||||
|
|
||||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
|
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
|
|
|
@ -143,7 +143,7 @@ int selfsigned(char **arg)
|
||||||
char *keypath = NULL, *certpath = NULL;
|
char *keypath = NULL, *certpath = NULL;
|
||||||
bool pem = true;
|
bool pem = true;
|
||||||
time_t from = time(NULL), to;
|
time_t from = time(NULL), to;
|
||||||
char fstr[20], tstr[20];
|
char fstr[20], tstr[20], sstr[17];
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
while (*arg && **arg == '-') {
|
while (*arg && **arg == '-') {
|
||||||
|
@ -222,8 +222,12 @@ int selfsigned(char **arg)
|
||||||
x509write_crt_set_subject_key_identifier(&cert);
|
x509write_crt_set_subject_key_identifier(&cert);
|
||||||
x509write_crt_set_authority_key_identifier(&cert);
|
x509write_crt_set_authority_key_identifier(&cert);
|
||||||
|
|
||||||
|
_urandom(NULL, buf, 8);
|
||||||
|
for (len = 0; len < 8; len++)
|
||||||
|
sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
|
||||||
|
|
||||||
mpi_init(&serial);
|
mpi_init(&serial);
|
||||||
mpi_read_string(&serial, 10, "1");
|
mpi_read_string(&serial, 16, sstr);
|
||||||
x509write_crt_set_serial(&cert, &serial);
|
x509write_crt_set_serial(&cert, &serial);
|
||||||
|
|
||||||
if (pem) {
|
if (pem) {
|
||||||
|
|
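Review bot: The result of `_urandom(NULL, buf, 8)` in the second px5g.c hunk is discarded, so if the read from /dev/urandom fails or comes up short, the serial is built from whatever `buf` already held and certificates can again collide on issuer and serial. `_urandom` is defined outside the hunk; if it returns non-zero on failure, as RNG callbacks of this form usually do, test it with `if (_urandom(NULL, buf, 8) != 0)` and leave through the same error path selfsigned uses for its other failures. The result of `mpi_read_string(&serial, 16, sstr)` is likewise unchecked. A comment such as `/* 8 random bytes -> 16 hex digits + NUL, must fit sstr[17] */` above the loop would tie the buffer size declared in the earlier hunk to the loop bound. selfsigned starts and ends outside both hunks.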