author | James Yonan <james@openvpn.net> | 2011-02-14 22:03:44 +0000 |
---|---|---|
committer | James Yonan <james@openvpn.net> | 2011-02-14 22:03:44 +0000 |
commit | 7ae5fb20d7dc52641ef853b896dffc0f283d16d2 (patch) | |
tree | d6cc9bdb935fe8cba16ccb7d9e23528d064ee11f /ssl.c | |
parent | 3f7c03a23e097f69b716ea79a79848e5ba0a4303 (diff) | |
Properly handle certificate serial numbers > 32 bits.
Version 2.1.3h
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6931 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.c')
-rw-r--r-- | ssl.c | 14 |
1 files changed, 11 insertions, 3 deletions
@@ -912,11 +912,19 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 setenv_str (opt->es, envname, common_name);
 #endif
- /* export serial number as environmental variable */
+ /* export serial number as environmental variable,
+ use bignum in case serial number is large */
 {
- const int serial = (int) ASN1_INTEGER_get (X509_get_serialNumber (ctx->current_cert));
+ ASN1_INTEGER *asn1_i;
+ BIGNUM *bignum;
+ char *dec;
+ asn1_i = X509_get_serialNumber(ctx->current_cert);
+ bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
+ dec = BN_bn2dec(bignum);
 openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", ctx->error_depth);
- setenv_int (opt->es, envname, serial);
+ setenv_str (opt->es, envname, dec);
+ BN_free(bignum);
+ OPENSSL_free(dec);
 }
 /* export current untrusted IP */ |
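Review bot: Neither `ASN1_INTEGER_to_BN` nor `BN_bn2dec` is checked for a NULL return in the added block, and both can fail (for example on allocation failure), so `BN_bn2dec(bignum)` may be handed a NULL pointer while the callback is processing a certificate supplied by the peer. I would guard the conversion and the export with `dec = bignum ? BN_bn2dec(bignum) : NULL;` followed by `if (dec) setenv_str (opt->es, envname, dec);`, and leave the two frees unconditional, since `BN_free` and `OPENSSL_free` accept NULL. The block comment could also state that `tls_serial_{n}` is now an arbitrary-length decimal string rather than an int, so that scripts consuming it do not parse it into a fixed-width integer. verify_callback begins and continues outside this hunk, so how `setenv_str` treats a NULL value cannot be confirmed from here.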