From ccac7ce1779f45d676fa3a2f28b470c6a416fe5b Mon Sep 17 00:00:00 2001 From: jow Date: Sun, 25 Jan 2015 23:56:02 +0000 Subject: [PATCH] BB: px5g: generate unique serial numbers Generate a random serial from /dev/urandom when creating selfsigned certs. Fixes "sec_error_reused_issuer_and_serial" with Firefox. Signed-off-by: Jo-Philipp Wich Backport of r43168 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44151 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/utils/px5g/Makefile | 4 ++-- package/utils/px5g/px5g.c | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile index 9c0caa7..df2a170 100644 --- a/package/utils/px5g/Makefile +++ b/package/utils/px5g/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2010 Jo-Philipp Wich +# Copyright (C) 2010-2014 Jo-Philipp Wich # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=px5g -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT) PKG_USE_MIPS16:=0 diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c index 6b97708..633aa51 100644 --- a/package/utils/px5g/px5g.c +++ b/package/utils/px5g/px5g.c @@ -143,7 +143,7 @@ int selfsigned(char **arg) char *keypath = NULL, *certpath = NULL; bool pem = true; time_t from = time(NULL), to; - char fstr[20], tstr[20]; + char fstr[20], tstr[20], sstr[17]; int len; while (*arg && **arg == '-') { @@ -222,8 +222,12 @@ int selfsigned(char **arg) x509write_crt_set_subject_key_identifier(&cert); x509write_crt_set_authority_key_identifier(&cert); + _urandom(NULL, buf, 8); + for (len = 0; len < 8; len++) + sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); + mpi_init(&serial); - mpi_read_string(&serial, 10, "1"); + mpi_read_string(&serial, 16, sstr); x509write_crt_set_serial(&cert, &serial); if (pem) { -- 2.35.1
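Review bot: The result of `_urandom(NULL, buf, 8)` is discarded in the px5g.c hunk at `@@ -222,8 +222,12 @@`, so if that call fails to fill the buffer the serial is built from whatever `buf` already held and can repeat across certificates, which is the reused-serial condition this commit sets out to remove. `_urandom` and `buf` are defined outside the hunk, so the return convention needs confirming there; the call and the following `mpi_read_string(&serial, 16, sstr)` should both be checked, and `selfsigned` should fail instead of signing when either does. The hex round-trip could also be dropped: `mpi_read_binary(&serial, (unsigned char *) buf, 8);` loads the same eight bytes directly and makes `sstr[17]` from the `@@ -143,7 +143,7 @@` hunk and the `sprintf` loop unnecessary. A draw of eight zero bytes would give serial 0, which RFC 5280 does not permit, so rejecting that value is a cheap extra guard.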