git.ipfire.org Git - thirdparty/openssl.git/commit
ASN1: Fix type handling in AKID serial number conversion
author Daniel Kubec <kubec@openssl.org>
Thu, 22 Jan 2026 13:54:10 +0000 (14:54 +0100)
committer Tomas Mraz <tomas@openssl.org>
Mon, 26 Jan 2026 15:29:26 +0000 (16:29 +0100)
commit 7b9f20d94fbd7a870e406509ef4bd93d005dc1c7
tree f6783369a857014f4dcc925662229f11c533f573
parent a3e67efa015ca68f2e2be00889d92612f5bb5040
ASN1: Fix type handling in AKID serial number conversion

The Authority Key Identifier's serial number field is an ASN1 integer, so use
the appropriate i2s_ASN1_INTEGER function instead of i2s_ASN1_OCTET_STRING
for string conversion. This fixes handling of negative serial numbers
which were previously displayed incorrectly.

While negative serial numbers are not RFC-compliant, we want to process
existing CRLs and certificates that may contain them, as this does not cause
any security issues. Rejecting invalid serial numbers during
generation is out of scope for this change.

Fixes #27406

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 15:29:33 2026
(Merged from https://github.com/openssl/openssl/pull/29717)
crypto/x509/v3_akid.c
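
The type distinction the commit message describes, as an added self-contained C sketch that is not code from this commit or from OpenSSL: the same DER INTEGER content rendered as raw octets loses its sign, while rendering it as an integer keeps it. The helper names and sample bytes are constructed for illustration, the sketch assumes short-form lengths and at most 8 content bytes, and it does not reproduce OpenSSL's internal representation or its exact output strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: DER INTEGER TLVs (tag 0x02, short-form length, content). */
static const unsigned char SERIAL_NEG[] = {0x02, 0x01, 0xFB};       /* -5  */
static const unsigned char SERIAL_POS[] = {0x02, 0x02, 0x00, 0xFB}; /* 251 */

/* Check tag and length; return the content bytes and set *clen, or NULL. */
static const unsigned char *der_int_content(const unsigned char *der, size_t len, size_t *clen)
{
    if (len < 3 || der[0] != 0x02 || der[1] == 0 || der[1] > 8 || (size_t)der[1] + 2 != len)
        return NULL;
    *clen = der[1];
    return der + 2;
}

/* Octet-string view: hex dump of the content bytes; the sign is not visible. */
static int serial_as_octets(const unsigned char *der, size_t len, char *out, size_t outsz)
{
    size_t clen, i;
    const unsigned char *c = der_int_content(der, len, &clen);
    if (c == NULL || outsz < clen * 2 + 1)
        return -1;
    for (i = 0; i < clen; i++)
        snprintf(out + i * 2, 3, "%02X", c[i]);
    return 0;
}

/* Integer view: content is big-endian two's complement, sign-extended from byte 0. */
static int serial_as_integer(const unsigned char *der, size_t len, char *out, size_t outsz)
{
    size_t clen, i;
    const unsigned char *c = der_int_content(der, len, &clen);
    uint64_t v;
    if (c == NULL)
        return -1;
    v = (c[0] & 0x80) ? UINT64_MAX : 0;
    for (i = 0; i < clen; i++)
        v = (v << 8) | c[i];
    snprintf(out, outsz, "%lld", (long long)(int64_t)v);
    return 0;
}
int main(void)
{
    char a[32], b[32];
    if (serial_as_octets(SERIAL_NEG, sizeof SERIAL_NEG, a, sizeof a) == 0 &&
        serial_as_integer(SERIAL_NEG, sizeof SERIAL_NEG, b, sizeof b) == 0)
        printf("octets=%s integer=%s\n", a, b);
    return 0;
}
```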