1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00

Fix certificate serial numbering

This commit is contained in:
Lauri Võsandi 2018-04-13 07:57:49 +00:00
parent ffd1281b83
commit a0e263385b
2 changed files with 2 additions and 1 deletions

View File

@ -50,6 +50,7 @@ class OCSPResource(AuthorityHandler):
responses = [] responses = []
for item in ocsp_req["tbs_request"]["request_list"]: for item in ocsp_req["tbs_request"]["request_list"]:
serial = item["req_cert"]["serial_number"].native serial = item["req_cert"]["serial_number"].native
assert serial > 0, "Serial number correctness check failed"
try: try:
link_target = os.readlink(os.path.join(config.SIGNED_BY_SERIAL_DIR, "%x.pem" % serial)) link_target = os.readlink(os.path.join(config.SIGNED_BY_SERIAL_DIR, "%x.pem" % serial))

View File

@ -380,7 +380,7 @@ def _sign(csr, buf, skip_notify=False, skip_push=False, overwrite=False, profile
builder = CertificateBuilder(dn, csr_pubkey) builder = CertificateBuilder(dn, csr_pubkey)
builder.serial_number = random.randint( builder.serial_number = random.randint(
0x1000000000000000000000000000000000000000, 0x1000000000000000000000000000000000000000,
0xffffffffffffffffffffffffffffffffffffffff) 0x7fffffffffffffffffffffffffffffffffffffff)
now = datetime.utcnow() now = datetime.utcnow()
builder.begin_date = now - timedelta(minutes=5) builder.begin_date = now - timedelta(minutes=5)