From 8100490a728f2915dbc375894c7984be23fbe47d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Jan 2000 02:42:14 +0000 Subject: [PATCH] Make -CAcreateserial start from 1 instead of 0 for serial numbers. --- CHANGES | 7 +++++++ apps/x509.c | 4 ++-- doc/apps/x509.pod | 5 +++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 9d96037cd4..cb4ec5b3e8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1 + for the first serial number and places 2 in the serial number file. This + avoids problems when the root CA is created with serial number zero and + the first user certificate has the same issuer name and serial number + as the root CA. + [Steve Henson] + *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses the new code. Add documentation for this stuff. [Steve Henson] diff --git a/apps/x509.c b/apps/x509.c index 62982e4227..c5b163ea70 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -943,8 +943,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, } else { - ASN1_INTEGER_set(bs,0); - BN_zero(serial); + ASN1_INTEGER_set(bs,1); + BN_one(serial); } } else diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 52ac949b18..52c3589e7b 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod 
@@ -311,8 +311,9 @@ The default filename consists of the CA certificate file base name with =item B<-CAcreateserial filename> with this option the CA serial number file is created if it does not exist: -it will contain the serial number "01". Normally if the B<-CA> option is -specified and the serial number file does not exist it is an error. +it will contain the serial number "02" and the certificate being signed will +have the 1 as its serial number. Normally if the B<-CA> option is specified +and the serial number file does not exist it is an error. =item B<-extfile filename> -- 2.25.1
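Review bot: In the apps/x509.c hunk (x509_certify, the branch that creates the serial file), the return values of ASN1_INTEGER_set(bs,1) and BN_one(serial) are ignored. Both return 0 on failure, so checking them and taking the function's error path would keep a failed initialisation from going unnoticed. The reason for starting at 1 is recorded only in CHANGES. A one-line comment above these two calls, saying that serial 0 is avoided because a root CA created with serial zero would share issuer name and serial number with the first user certificate, would keep the rationale next to the code.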
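Review bot: In the doc/apps/x509.pod hunk for -CAcreateserial, "will have the 1 as its serial number" carries a stray article; suggest "will have 1 as its serial number". The entry states the new numbers but not why they changed. A short sentence repeating the CHANGES rationale (the clash of issuer name and serial number with a root CA created with serial zero) would help readers understand why the file now starts at "02".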