[gnutls-help] certtool: Serial number only 31 bit?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Jan 4 23:21:34 CET 2015
On Sun, 2015-01-04 at 14:57 -0500, Daniel Kahn Gillmor wrote:
> >>> It was a limitation. Support for up to 63-bit serial numbers was added in 3.3.0.
> >> If the value received from the user for the serial number exceeds 63
> >> bits, should GnuTLS throw an error rather than truncate? I worry that
> >> silently proceeding with a truncation seems likely to cause people using
> >> certtool to issue multiple certificates with serial numbers of
> >> 0x7fffffffffffffff.
> >
> > Does it truncate? As far as I see, it already throws an error for
> > out-of-range numbers.
> Sorry, I should have been more clear that I was talking about certtool.
> For example:
> certtool -p key.pem
> echo 'serial = 10000000000000000000' > template
> echo 'serial = 10000000000000000001' > template2
Correct. I've now added a check.
regards,
Nikos
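
The failure mode discussed in this thread, as an added example that is not part of the original message and is not certtool's code: two distinct oversized serials collapse to the same value when the overflow is not checked. It assumes a `strtoll`-style conversion of the template line (the thread does not show certtool's parser), and both function names are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked parse: strtoll() saturates at LLONG_MAX on overflow, so every
 * oversized serial silently becomes 0x7fffffffffffffff. */
long long parse_serial_unchecked(const char *line)
{
    const char *eq = strchr(line, '=');
    return eq ? strtoll(eq + 1, NULL, 10) : 0;
}

/* Checked parse: returns 0 and stores the serial on success, -1 when the
 * value is missing, malformed, negative, or does not fit in 63 bits. */
int parse_serial_checked(const char *line, long long *out)
{
    const char *eq = strchr(line, '=');
    char *end;
    long long v;

    if (eq == NULL)
        return -1;
    errno = 0;
    v = strtoll(eq + 1, &end, 10);
    if (end == eq + 1 || errno == ERANGE)   /* no digits, or overflow */
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;
    if (*end != '\0' || v < 0)              /* trailing garbage or negative */
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed template lines, using the two values from the thread. */
    const char *t[] = { "serial = 10000000000000000000",
                        "serial = 10000000000000000001" };
    long long v;

    for (int i = 0; i < 2; i++)
        printf("%s -> unchecked 0x%llx, checked %s\n", t[i],
               (unsigned long long)parse_serial_unchecked(t[i]),
               parse_serial_checked(t[i], &v) == 0 ? "accepted" : "rejected");
    return 0;
}
```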