From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sun, 14 Mar 2010 18:41:40 +0000 (+0100)
Subject: we don't accept a serial number with leading zeroes
X-Git-Tag: 4.4.0~219
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0df187cb40dfaf427f5b343275e2edc46f5c4d1;p=thirdparty%2Fstrongswan.git

we don't accept a serial number with leading zeroes
---

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 07ab9066ac..abd61b74ed 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -212,6 +212,11 @@ static int issue()
 			goto end;
 		}
 		rng->allocate_bytes(rng, 8, &serial);
+		while (*serial.ptr == 0x00)
+		{
+			/* we don't accept a serial number with leading zeroes */
+			rng->get_bytes(rng, 1, serial.ptr);
+		}
 		rng->destroy(rng);
 	}
 
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 30ae23be50..d283daa6af 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -158,6 +158,11 @@ static int self()
 			goto end;
 		}
 		rng->allocate_bytes(rng, 8, &serial);
+		while (*serial.ptr == 0x00)
+		{
+			/* we don't accept a serial number with leading zeroes */
+			rng->get_bytes(rng, 1, serial.ptr);
+		}
 		rng->destroy(rng);
 	}
 	not_before = time(NULL);