we don't accept a serial number with leading zeroes

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 07ab9066acc8cc1deb41fdab59263b27273061b7..abd61b74ed8ccbd45eb206f37e534d4cf3cb2db6 100644 (file)
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -212,6 +212,11 @@ static int issue()
                        goto end;
                }
                rng->allocate_bytes(rng, 8, &serial);
+               while (*serial.ptr == 0x00)
+               {
+                       /* we don't accept a serial number with leading zeroes */
+                       rng->get_bytes(rng, 1, serial.ptr);
+               }
                rng->destroy(rng);
        }
 

diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 30ae23be5019a6fd7af1ffaf82ffb2ee75a4ee0e..d283daa6af9e5179351f3a597c4ace096e5fe1df 100644 (file)
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -158,6 +158,11 @@ static int self()
                        goto end;
                }
                rng->allocate_bytes(rng, 8, &serial);
+               while (*serial.ptr == 0x00)
+               {
+                       /* we don't accept a serial number with leading zeroes */
+                       rng->get_bytes(rng, 1, serial.ptr);
+               }
                rng->destroy(rng);
        }
        not_before = time(NULL);