
Commit e0e52a6

committed
Follow OpenSSL in using larger serial numbers
1 parent 08309c9 commit e0e52a6


1 file changed

+11
-8
lines changed


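--- a/mk-cert
+++ b/mk-cert
@@ -1261,9 +1261,10 @@ build_v3_extensions() {
 }
 
 mk_rand() {
-RH="$(openssl rand -hex "$1" 2>/dev/null ||:)"
+local RH RL=16
+RH="$(openssl rand -hex "$RL" 2>/dev/null ||:)"
 [[ "$RH" = '' ]] &&
-RH="$(openssl rand "$1" | od -x | sed -n '1{s/^[^ ]*//;s/ //gp;}' )"
+RH="$(openssl rand "$RL" | od -x | sed -n '1{s/^[^ ]*//;s/ //gp;}' )"
 echo "$RH"
 }
 
@@ -1324,7 +1325,7 @@ apply_options() {
 fi
 
 [[ "$ADDDNQ" = yes ]] && {
-[[ "$SERIAL" = "" ]] && DNQ="$(mk_rand 8)" || DNQ="$SERIAL"
+[[ "$SERIAL" = "" ]] && DNQ="$(mk_rand)" || DNQ="$SERIAL"
 
 [[ "$SERIAL" = "" && "$NOSETSERIAL" != yes ]] &&
 SERIAL="$DNQ"
@@ -1377,7 +1378,7 @@ mkreqconf() {
 echo "dnQualifier= Additional subject qualifier"
 if [[ "$SERIAL" != "" ]]
 then echo "dnQualifier_default=$SERIAL"
-else echo "dnQualifier_default=$(mk_rand 8)"
+else echo "dnQualifier_default=$(mk_rand)"
 fi
 ;;
 esac
@@ -1399,6 +1400,8 @@ create_main_cert() {
 [[ "$SSKEY" = '' ]] &&
 SSKEY="$(mkkey)"
 
+[[ "$SERIAL" = "" && "$NOSETSERIAL" != yes ]] && SERIAL="$(mk_rand)"
+
 # openssl complains about unused -days.
 if [[ "$MAKECSR" != yes ]]
 then CERT_DAYS_OPT="-days ${CERT_DAYS:-$DEFAULT_DAYS}"
@@ -1446,7 +1449,7 @@ create_suca_pem() {
 then
 if [[ "$SERIAL" != '' ]]
 then echo "dnQualifier=$SERIAL"
-else echo "dnQualifier=$(mk_rand 8)"
+else echo "dnQualifier=$(mk_rand)"
 fi
 fi
 
@@ -1467,10 +1470,10 @@ create_suca_pem() {
 echo '#END'
 }
 
-[[ "$SERIAL" = "" && "$NOSETSERIAL" != yes ]] && SERIAL="$(mk_rand 8)"
+[[ "$SERIAL" = "" && "$NOSETSERIAL" != yes ]] && SERIAL="$(mk_rand)"
 CAKEY="$(mkkey)"
 
-[[ "$NOSETSERIAL" != yes ]] && CASER="$(mk_rand 8)"
+[[ "$NOSETSERIAL" != yes ]] && CASER="$(mk_rand)"
 
 [[ "$SHOWCONF" = yes ]] && mksucareqconf
 
@@ -1489,7 +1492,7 @@ sign_created_csr() {
 
 [[ "$SIGNPEM" = "" ]] && return 0
 
-[[ "$SERIAL" = "" ]] && SERIAL="$(mk_rand 8)"
+[[ "$SERIAL" = "" ]] && SERIAL="$(mk_rand)"
 
 # Default to days left on CA certificate
 # shellcheck disable=SC2046 # I knooow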
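Review bot: mk_rand still echoes whatever it collected, so an empty or short string can become a certificate serial: the first `openssl rand` call discards stderr and forces success with `||:`, the fallback pipeline is not checked, and the function ends in `echo "$RH"`. Every call site in the other hunks assigns the result straight to SERIAL, CASER, DNQ or a dnQualifier line, and what openssl does with an empty serial is not visible here. I would add `(( ${#RH} == RL * 2 )) || { echo "mk_rand: could not read $RL random bytes" >&2; return 1; }` just before `echo "$RH"` and have the call sites test the status. The same check covers the fallback, whose `sed -n '1{...}'` keeps only the first `od -x` line (16 bytes), which equals RL today but would truncate silently if RL is raised.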
