From 49d9266c31383ee3494a6762def70fa9b75829c3 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 3 Oct 2016 12:10:40 +0200
Subject: [PATCH] pki: Use serial of base CRL for delta CRLs

According to RFC 5280 delta CRLs and complete CRLs MUST share one
numbering sequence.
---
 src/pki/commands/signcrl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 6c27289f9c..6d873d326f 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -369,7 +369,10 @@ static int sign_crl()
 	}
 	else
 	{
-		crl_serial = chunk_from_chars(0x00);
+		if (!crl_serial.ptr)
+		{
+			crl_serial = chunk_from_chars(0x00);
+		}
 		lastenum = enumerator_create_empty();
 	}
 
-- 
2.47.2