git.ipfire.org Git - thirdparty/squid.git/commit
stable certificates part2
author Christos Tsantilas <chtsanti@users.sourceforge.net>
Tue, 21 Feb 2012 17:25:53 +0000 (19:25 +0200)
committer Christos Tsantilas <chtsanti@users.sourceforge.net>
Tue, 21 Feb 2012 17:25:53 +0000 (19:25 +0200)
commit a0b971d53f489dc19ab9a4b06dd5eb34a6c3a16f
tree 776a7400a643576ba34dc6517cbd3b184162f244
parent 780b55eea61b2743e11433d58d8e83d242495c62

Two different certificates of the same fake Issuer must have the same serial
number. Otherwise, Firefox and possibly others will display a
sec_error_reused_issuer_and_serial error. Similarly, the same two certificates
should have the same serial number, even if generated on different
non-communicating (but identically configured) Squid boxes.

To produce unique serial numbers, a temporary fake certificate with serial number
zero is created, and its fingerprint is used as the serial number of the final fake
certificate.

The old Ssl::CertificateDb code, which was responsible for producing a serial number
for generated certificates, is removed.
src/ssl/certificate_db.cc
src/ssl/certificate_db.h
src/ssl/gadgets.cc
src/ssl/gadgets.h
src/ssl/ssl_crtd.cc
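
The derivation described in the commit message, as an added example that is not Squid's code: a length-prefixed field serialization stands in for the signed temporary certificate, and the fingerprint of the serial-zero version becomes the final serial. The `CounterBox` class, all function names, and the issuer, subjects, dates and key bytes are constructed for illustration.

```python
import hashlib

def encode_fields(issuer, subject, not_before, not_after, pubkey, serial):
    """Length-prefixed serialization: a stand-in for the signed DER certificate."""
    fields = (issuer.encode(), subject.encode(), not_before.encode(),
              not_after.encode(), pubkey, serial.to_bytes(20, "big"))
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def stable_serial(issuer, subject, not_before, not_after, pubkey):
    """Serial = fingerprint of a temporary certificate whose serial is zero."""
    temp = encode_fields(issuer, subject, not_before, not_after, pubkey, 0)
    digest = hashlib.sha1(temp).digest()  # 20 bytes, used as an identifier only
    # Assumption: clear the top bit so the serial is a positive DER INTEGER
    # that fits in 20 octets (RFC 5280, section 4.1.2.2).
    return int.from_bytes(digest, "big") & ((1 << 159) - 1)

class CounterBox:
    """Hypothetical per-box counter, for contrast only (not Squid's old code)."""
    def __init__(self):
        self.next_serial = 1
        self.issued = {}
    def serial_for(self, subject):
        if subject not in self.issued:
            self.issued[subject] = self.next_serial
            self.next_serial += 1
        return self.issued[subject]

# Constructed sample inputs.
ISSUER = "CN=Constructed Fake CA"
PUBKEY = bytes(range(32))
VALIDITY = ("20120101000000Z", "20130101000000Z")
SITES = ["CN=example.com", "CN=example.org"]

def compare_boxes():
    """Two non-communicating boxes see the same sites in opposite order."""
    box_a, box_b = CounterBox(), CounterBox()
    counter_a = {s: box_a.serial_for(s) for s in SITES}
    counter_b = {s: box_b.serial_for(s) for s in reversed(SITES)}
    stable_a = {s: stable_serial(ISSUER, s, *VALIDITY, PUBKEY) for s in SITES}
    stable_b = {s: stable_serial(ISSUER, s, *VALIDITY, PUBKEY)
                for s in reversed(SITES)}
    return counter_a, counter_b, stable_a, stable_b

if __name__ == "__main__":
    for name, result in zip(("counter A", "counter B", "stable A", "stable B"),
                            compare_boxes()):
        print(name, {s: hex(n) for s, n in result.items()})
```

With the counters, serial 1 under the same issuer names example.com on one box and example.org on the other; the fingerprint-derived serials agree across boxes and differ per certificate.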