Properly handle certificate serial numbers > 32 bits.

Version 2.1.3h


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6931 e7ae566f-a301-0410-adde-c780ea21d3b5

2 files changed, 12 insertions, 4 deletions

diff --git a/ssl.c b/ssl.c
index f1f0688..16e4c09 100644
--- a/ssl.c
+++ b/ssl.c
@@ -912,11 +912,19 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   setenv_str (opt->es, envname, common_name);
 #endif
 
-  /* export serial number as environmental variable */
+  /* export serial number as environmental variable,
+     use bignum in case serial number is large */
   {
-    const int serial = (int) ASN1_INTEGER_get (X509_get_serialNumber (ctx->current_cert));
+    ASN1_INTEGER *asn1_i;
+    BIGNUM *bignum;
+    char *dec;
+    asn1_i = X509_get_serialNumber(ctx->current_cert);
+    bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
+    dec = BN_bn2dec(bignum);
     openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", ctx->error_depth);
-    setenv_int (opt->es, envname, serial);
+    setenv_str (opt->es, envname, dec);
+    BN_free(bignum);
+    OPENSSL_free(dec);
   }
 
   /* export current untrusted IP */
diff --git a/version.m4 b/version.m4
index 2ca0739..72d6ea2 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3g])
+define(PRODUCT_VERSION,[2.1.3h])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])