From 7ae5fb20d7dc52641ef853b896dffc0f283d16d2 Mon Sep 17 00:00:00 2001
From: James Yonan
Date: Mon, 14 Feb 2011 22:03:44 +0000
Subject: Properly handle certificate serial numbers > 32 bits. Version 2.1.3h
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6931 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 ssl.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'ssl.c')
diff --git a/ssl.c b/ssl.c
index f1f0688..16e4c09 100644
--- a/ssl.c
+++ b/ssl.c
@@ -912,11 +912,19 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 setenv_str (opt->es, envname, common_name);
 #endif
- /* export serial number as environmental variable */
+ /* export serial number as environmental variable,
+ use bignum in case serial number is large */
 {
- const int serial = (int) ASN1_INTEGER_get (X509_get_serialNumber (ctx->current_cert));
+ ASN1_INTEGER *asn1_i;
+ BIGNUM *bignum;
+ char *dec;
+ asn1_i = X509_get_serialNumber(ctx->current_cert);
+ bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
+ dec = BN_bn2dec(bignum);
 openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", ctx->error_depth);
- setenv_int (opt->es, envname, serial);
+ setenv_str (opt->es, envname, dec);
+ BN_free(bignum);
+ OPENSSL_free(dec);
 }
 /* export current untrusted IP */
-- cgit
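Review bot: Neither `ASN1_INTEGER_to_BN` nor `BN_bn2dec` is checked for NULL in the new serial-number block, and both can fail (for example on allocation failure), so a NULL `bignum` is handed straight to `BN_bn2dec` while `verify_callback` is processing a certificate presented by the peer. I would guard the conversion with `dec = bignum ? BN_bn2dec(bignum) : NULL;` and export only on success with `if (dec) setenv_str (opt->es, envname, dec);`, since how `setenv_str` treats a NULL value is not visible in this hunk. `BN_free` and `OPENSSL_free` both accept NULL, so the two cleanup lines can stay as they are. verify_callback begins and ends outside the hunk, so whether a failed conversion should also fail verification is a decision to make against the rest of the function.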