px5g: generate unique serial numbers

Generate a random serial from /dev/urandom when creating selfsigned certs.
Fixes "sec_error_reused_issuer_and_serial" with Firefox.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43168
lede-17.01
Jo-Philipp Wich 2014-11-03 18:12:42 +00:00
parent 74a3a77bcd
commit 0ceece4c82
2 changed files with 8 additions and 4 deletions


@ -1,5 +1,5 @@
# #
# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org> # Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=px5g PKG_NAME:=px5g
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT) PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
PKG_USE_MIPS16:=0 PKG_USE_MIPS16:=0


@ -143,7 +143,7 @@ int selfsigned(char **arg)
char *keypath = NULL, *certpath = NULL; char *keypath = NULL, *certpath = NULL;
bool pem = true; bool pem = true;
time_t from = time(NULL), to; time_t from = time(NULL), to;
char fstr[20], tstr[20]; char fstr[20], tstr[20], sstr[17];
int len; int len;
while (*arg && **arg == '-') { while (*arg && **arg == '-') {
@ -222,8 +222,12 @@ int selfsigned(char **arg)
x509write_crt_set_subject_key_identifier(&cert); x509write_crt_set_subject_key_identifier(&cert);
x509write_crt_set_authority_key_identifier(&cert); x509write_crt_set_authority_key_identifier(&cert);
_urandom(NULL, buf, 8);
for (len = 0; len < 8; len++)
sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
mpi_init(&serial); mpi_init(&serial);
mpi_read_string(&serial, 10, "1"); mpi_read_string(&serial, 16, sstr);
x509write_crt_set_serial(&cert, &serial); x509write_crt_set_serial(&cert, &serial);
if (pem) { if (pem) {
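Review bot: The result of `_urandom(NULL, buf, 8)` is discarded in the second `selfsigned` hunk, so if the read from /dev/urandom fails or comes up short, the serial is formatted from whatever `buf` already held and two certificates could again share an issuer and serial. Neither `_urandom` nor the declaration of `buf` is visible here, so this assumes the helper reports failure through its return value; if it does, guard the call, e.g. `if (_urandom(NULL, buf, 8) != 0) return 1;`, adapted to the function's existing error path. The `sprintf` into `sstr[17]` fits exactly (16 hex digits plus the terminator), but the 8/17 pairing is implicit; `snprintf(sstr + len*2, sizeof(sstr) - len*2, "%02x", (unsigned char) buf[len]);` keeps the bound tied to the buffer. The return values of `mpi_read_string` and `x509write_crt_set_serial` are also unchecked, and the body of `selfsigned` continues outside the hunk.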