From 4b15429a4c219f16dda9df75978adb7e8b373c2d Mon Sep 17 00:00:00 2001
From: Joel Klinghed
Date: Tue, 18 Jul 2023 14:11:21 +0200
Subject: Make sure to not generate a too large serial for certificate

Could cause the set_serial call to fail.
---
 src/ssl_mbedtls.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')

diff --git a/src/ssl_mbedtls.cc b/src/ssl_mbedtls.cc
index 50c7975..3242b3c 100644
--- a/src/ssl_mbedtls.cc
+++ b/src/ssl_mbedtls.cc
@@ -618,7 +618,8 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
 }
 if (mbedtls_mpi_fill_random(
- &serial, 32, mbedtls_ctr_drbg_random,
+ &serial, MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN,
+ mbedtls_ctr_drbg_random,
 static_cast(entropy)->random())) {
 logerr(logger, ret, "Unable generate serial");
 goto error;
-- 
cgit v1.2.3-70-g09d2
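Review bot: Filling all `MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN` bytes with random data on the added `&serial, MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN,` line still leaves a case that exceeds the limit. When the top bit of the first byte is set (about half of all draws), a DER INTEGER needs a leading 0x00 to stay positive, so the encoded serial is one octet longer than the RFC 5280 maximum and the set_serial call or a strict verifier may presumably still reject it. Requesting one byte fewer, `&serial, MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN - 1,`, keeps the encoding within the limit and still gives far more than the 64 bits of randomness usually expected of a serial. Separately, the return value of `mbedtls_mpi_fill_random()` is not stored, so the `logerr(logger, ret, ...)` below it logs whatever `ret` held earlier; assigning it in the condition would make the log useful. `SSLCert::generate` starts and ends outside the hunk, so how `serial` reaches the set_serial call is not visible here.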