lib: Fix Coverity ID 1509061 Use of 32-bit time_t

"man gnutls_x509_crt_set_serial" says that the serial number should be
a big-endian positive integer of up to 20 bytes....

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index 08386166a5594fb64afa4181bd96dfcce52b10ce..9f7e59f27967baa0f9f2dafeacf0decaff4ad01c 100644 (file)
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -45,7 +45,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
 {
        gnutls_x509_crt_t cacrt, crt;
        gnutls_x509_privkey_t key, cakey;
-       uint32_t serial = (uint32_t)time(NULL);
+       uint8_t serial[8];
        unsigned char keyid[100];
        char buf[4096];
        size_t bufsize;
@@ -90,7 +90,10 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
                                      GNUTLS_OID_X520_COMMON_NAME, 0,
                                      hostname, strlen(hostname)));
        TLSCHECK(gnutls_x509_crt_set_key(cacrt, cakey));
+
+       PUSH_BE_U64(serial, 0, time(NULL));
        TLSCHECK(gnutls_x509_crt_set_serial(cacrt, &serial, sizeof(serial)));
+
        TLSCHECK(gnutls_x509_crt_set_activation_time(cacrt, activation));
        TLSCHECK(gnutls_x509_crt_set_expiration_time(cacrt, expiry));
        TLSCHECK(gnutls_x509_crt_set_ca_status(cacrt, 1));