| -rw-r--r-- | src/ssl_mbedtls.cc | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/ssl_mbedtls.cc b/src/ssl_mbedtls.cc
index 3395d83..10de993 100644
--- a/src/ssl_mbedtls.cc
+++ b/src/ssl_mbedtls.cc
@@ -504,6 +504,7 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
 std::string const& host, SSLKey* key, std::string* cert) {
 mbedtls_x509write_cert crt;
+ mbedtls_mpi serial;
 char issuer_name[256];
 std::string subject;
 bool ok = false;
@@ -513,6 +514,7 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
 char not_after[20];
 unsigned char buffer[16000];
 mbedtls_x509write_crt_init(&crt);
+ mbedtls_mpi_init(&serial);
 mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA256);
 if (key) {
@@ -569,6 +571,17 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
 goto error;
 }
+ if (mbedtls_mpi_fill_random(
+ &serial, 32, mbedtls_ctr_drbg_random,
+ static_cast<SSLEntropyImpl*>(entropy)->random())) {
+ logerr(logger, ret, "Unable generate serial");
+ goto error;
+ }
+ if (mbedtls_x509write_crt_set_serial(&crt, &serial)) {
+ logerr(logger, ret, "Unable to set serial");
+ goto error;
+ }
+
 ret = mbedtls_x509write_crt_pem(
 &crt, buffer, sizeof(buffer), mbedtls_ctr_drbg_random,
@@ -581,6 +594,7 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
 ok = true;
 error:
+ mbedtls_mpi_free(&serial);
 mbedtls_x509write_crt_free(&crt);
 return ok;
 }
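Review bot: The two new error branches in the third hunk log a stale error code: `mbedtls_mpi_fill_random` and `mbedtls_x509write_crt_set_serial` are tested directly in the `if`, so the `ret` handed to `logerr` is whatever an earlier call left in it rather than the failure being reported; assign before testing, `ret = mbedtls_mpi_fill_random(...); if (ret != 0) {`, and likewise for the set_serial call (the first message also reads "Unable generate serial"). The 32-byte random serial is also worth reconsidering: RFC 5280 limits serialNumber to 20 octets and requires a positive value, and because the DER integer writer prepends a 0x00 byte when the top bit is set, 32 random bytes encode to 32–33 octets, which strict parsers may reject; filling 19 bytes keeps the encoding within 20 octets even with the sign byte. The `static_cast<SSLEntropyImpl*>(entropy)` downcast is unchecked, which is presumably consistent with how the existing `mbedtls_x509write_crt_pem` call obtains its RNG, but worth confirming against the rest of the file. `SSLCert::generate` starts before the first hunk and its body spans all four.
```cpp
  // RFC 5280: serialNumber is a positive integer of at most 20 octets.
  // 19 random bytes stay within that limit even after DER adds a sign byte.
  ret = mbedtls_mpi_fill_random(
      &serial, 19, mbedtls_ctr_drbg_random,
      static_cast<SSLEntropyImpl*>(entropy)->random());
  if (ret != 0) {
    logerr(logger, ret, "Unable to generate serial");
    goto error;
  }
  ret = mbedtls_x509write_crt_set_serial(&crt, &serial);
  if (ret != 0) {
    logerr(logger, ret, "Unable to set serial");
    goto error;
  }
  // … unchanged: mbedtls_x509write_crt_pem call …
```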
