treewide: replace nbd@openwrt.org with nbd@nbd.name
[librecmc/librecmc.git] / package / utils / px5g / px5g.c
index 6b977081e120405a2b0644f8250e04533294a534..e9b82c276748aed6c84d010c33a88458fc307270 100644 (file)
@@ -2,7 +2,7 @@
  * px5g - Embedded x509 key and certificate generator based on PolarSSL
  *
  *   Copyright (C) 2009 Steven Barth <steven@midlink.org>
- *   Copyright (C) 2014 Felix Fietkau <nbd@openwrt.org>
+ *   Copyright (C) 2014 Felix Fietkau <nbd@nbd.name>
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -143,7 +143,7 @@ int selfsigned(char **arg)
        char *keypath = NULL, *certpath = NULL;
        bool pem = true;
        time_t from = time(NULL), to;
-       char fstr[20], tstr[20];
+       char fstr[20], tstr[20], sstr[17];
        int len;
 
        while (*arg && **arg == '-') {
@@ -188,7 +188,7 @@ int selfsigned(char **arg)
                                }
                                memcpy(newc, oldc, delim - oldc);
                                newc += delim - oldc;
-                               *newc++ = ';';
+                               *newc++ = ',';
                                oldc = delim + 1;
                        } while(*delim);
                        arg++;
@@ -212,7 +212,7 @@ int selfsigned(char **arg)
                        " and validity %s-%s\n", subject, fstr, tstr);
 
        x509write_crt_init(&cert);
-       x509write_crt_set_md_alg(&cert, POLARSSL_MD_SHA1);
+       x509write_crt_set_md_alg(&cert, POLARSSL_MD_SHA256);
        x509write_crt_set_issuer_key(&cert, &key);
        x509write_crt_set_subject_key(&cert, &key);
        x509write_crt_set_subject_name(&cert, subject);
@@ -222,8 +222,12 @@ int selfsigned(char **arg)
        x509write_crt_set_subject_key_identifier(&cert);
        x509write_crt_set_authority_key_identifier(&cert);
 
+       _urandom(NULL, buf, 8);
+       for (len = 0; len < 8; len++)
+               sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
+
        mpi_init(&serial);
-       mpi_read_string(&serial, 10, "1");
+       mpi_read_string(&serial, 16, sstr);
        x509write_crt_set_serial(&cert, &serial);
 
        if (pem) {
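Review bot: The result of `_urandom(NULL, buf, 8)` is not checked, so if the read fails or comes up short, the serial is built from whatever `buf` already held and is no longer unpredictable or unique. `_urandom` and `buf` are defined outside this hunk, so whether a failure can be reported at all needs confirming there. The return of `mpi_read_string` is ignored as well, and `x509write_crt_set_serial` would then be handed a serial that was never set. The hex round-trip can be dropped by loading the bytes directly, `if (mpi_read_binary(&serial, (unsigned char *) buf, 8) != 0)` followed by the function's existing error exit. That also removes the unbounded `sprintf` and the hand-matched sizes 8 and `sstr[17]`. selfsigned's body starts and ends outside the hunk.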