serial numbers.
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+ for the first serial number and places 2 in the serial number file. This
+ avoids problems when the root CA is created with serial number zero and
+ the first user certificate has the same issuer name and serial number
+ as the root CA.
+ [Steve Henson]
+
*) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
the new code. Add documentation for this stuff.
[Steve Henson]
}
else
{
- ASN1_INTEGER_set(bs,0);
- BN_zero(serial);
+ ASN1_INTEGER_set(bs,1);
+ BN_one(serial);
}
}
else
=item B<-CAcreateserial filename>
with this option the CA serial number file is created if it does not exist:
-it will contain the serial number "01". Normally if the B<-CA> option is
-specified and the serial number file does not exist it is an error.
+it will contain the serial number "02" and the certificate being signed will
+have the 1 as its serial number. Normally if the B<-CA> option is specified
+and the serial number file does not exist it is an error.
=item B<-extfile filename>
projects / openssl.git / commitdiff