From: Martin Willi <martin@revosec.ch>
Date: Thu, 23 Dec 2010 13:50:04 +0000 (+0100)
Subject: Use incremented serial of base CRL when signing delta CRL
X-Git-Tag: 4.5.1~149
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0110c26a04445efc0f761ad4bfa24b3ba9bb8856;p=thirdparty%2Fstrongswan.git

Use incremented serial of base CRL when signing delta CRL
---

diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 07f4a1343e..4b1c12e5cf 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -332,6 +332,8 @@ static int sign_crl()
 			error = "loading base CRL failed";
 			goto error;
 		}
+		memcpy(crl_serial, lastcrl->get_serial(lastcrl).ptr,
+			   min(lastcrl->get_serial(lastcrl).len, sizeof(crl_serial)));
 		baseCrlNumber = chunk_clone(lastcrl->get_serial(lastcrl));
 		DESTROY_IF((certificate_t*)lastcrl);
 		lastcrl = NULL;