* px5g - Embedded x509 key and certificate generator based on PolarSSL
*
* Copyright (C) 2009 Steven Barth <steven@midlink.org>
- * Copyright (C) 2014 Felix Fietkau <nbd@openwrt.org>
+ * Copyright (C) 2014 Felix Fietkau <nbd@nbd.name>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
char *keypath = NULL, *certpath = NULL;
bool pem = true;
time_t from = time(NULL), to;
- char fstr[20], tstr[20];
+ char fstr[20], tstr[20], sstr[17];
int len;
while (*arg && **arg == '-') {
}
memcpy(newc, oldc, delim - oldc);
newc += delim - oldc;
- *newc++ = ';';
+ *newc++ = ',';
oldc = delim + 1;
} while(*delim);
arg++;
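Review bot: With `,` as the new component separator, a literal `,` inside a subject value can no longer be told apart from a component boundary once the string is rebuilt by this loop. Nothing visible in the hunk rejects such input, so whatever validation the argument gets before the loop (outside this hunk) should refuse a `,` in the same way it presumably refused the old `;`. A short comment at the write, e.g. `/* ',' is the name-component separator expected by the X.509 writer; input must not contain one */`, would make that dependency explicit. The loop and its enclosing function start outside the hunk.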
" and validity %s-%s\n", subject, fstr, tstr);
x509write_crt_init(&cert);
- x509write_crt_set_md_alg(&cert, POLARSSL_MD_SHA1);
+ x509write_crt_set_md_alg(&cert, POLARSSL_MD_SHA256);
x509write_crt_set_issuer_key(&cert, &key);
x509write_crt_set_subject_key(&cert, &key);
x509write_crt_set_subject_name(&cert, subject);
x509write_crt_set_subject_key_identifier(&cert);
x509write_crt_set_authority_key_identifier(&cert);
+ _urandom(NULL, buf, 8);
+ for (len = 0; len < 8; len++)
+ sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
+
mpi_init(&serial);
- mpi_read_string(&serial, 10, "1");
+ mpi_read_string(&serial, 16, sstr);
x509write_crt_set_serial(&cert, &serial);
if (pem) {
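Review bot: The result of `_urandom(NULL, buf, 8)` is discarded, so a failed or short read would leave the serial built from whatever `buf` held before. `_urandom` is defined outside this hunk; if it can report failure, the call should be checked and certificate generation aborted, otherwise the helper itself should be made to fail on a short read. The hex conversion is correct only because `sstr[17]` is exactly 2*8+1 bytes, and bounding the write with `snprintf(sstr + len*2, sizeof(sstr) - len*2, "%02x", (unsigned char) buf[len]);` keeps the two constants from drifting apart. The return value of `mpi_read_string(&serial, 16, sstr)` is also ignored. The enclosing function starts and ends outside the hunk.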