Make sure to not generate a too large serial for certificate

Could cause the set_serial call to fail.
author: Joel Klinghed <the_jk@opera.com> 2023-07-18 14:11:21 +0200
committer: Joel Klinghed <the_jk@opera.com> 2023-07-18 14:11:42 +0200
commit: 4b15429a4c219f16dda9df75978adb7e8b373c2d (patch)
tree: ca850f7cf2e9e3cfdf10694c548bc11788bf3e3d
parent: 2a8a19c674dd843828771c04f25e906e3c58f845 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/ssl_mbedtls.cc b/src/ssl_mbedtls.cc
index 50c7975..3242b3c 100644
--- a/src/ssl_mbedtls.cc
+++ b/src/ssl_mbedtls.cc
@@ -618,7 +618,8 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
   }
 
   if (mbedtls_mpi_fill_random(
-          &serial, 32, mbedtls_ctr_drbg_random,
+          &serial, MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN,
+          mbedtls_ctr_drbg_random,
           static_cast<SSLEntropyImpl*>(entropy)->random())) {
     logerr(logger, ret, "Unable generate serial");
     goto error;
author	Joel Klinghed <the_jk@opera.com>	2023-07-18 14:11:21 +0200
committer	Joel Klinghed <the_jk@opera.com>	2023-07-18 14:11:42 +0200
commit	4b15429a4c219f16dda9df75978adb7e8b373c2d (patch)
tree	ca850f7cf2e9e3cfdf10694c548bc11788bf3e3d
parent	2a8a19c674dd843828771c04f25e906e3c58f845 (diff)