[Pki-devel] [PATCH] 30 Continued - Fix for ticket 219 for DogTag branches : 8.1_Errata and 8.2
Ade Lee
alee at redhat.com
Fri Aug 31 20:12:26 UTC 2012
pushed to 8.1 errata and 8.2 branches.
On Fri, 2012-08-24 at 16:14 -0400, Abhishek Koneru wrote:
> Please review the patches attached with fix ticket 219 for DogTag
> branches - 8.1_Errata and 8.2.
> The description about the ticket is attached below.
>
> --Abhishek Koneru
>
> Defect description:
> The serial number generated for certificates is wrong when the number
> is large. Problem is due to the conversion of BigInteger to integer
> while generating a new serial number, which truncates the most
> significant bits in the serial number and therefore a large number (eg.
> 10fff0001) becomes a smaller number (eg. fff0001). This conversion in
> turn leads to a collision if a certificate with the smaller number
> exists in the database.
>
> Steps to reproduce the defect:
>
> - Create a CA. - (1)
> - Edit the fields minSerialNumber and maxSerialNumber in the
> <CA-Installation Path>/conf.CS.cfg to large values like 100000000 and
> 110000000.
> - Restart the CA.
> - Configure the CA.
> - Create a new CA.
> - Configure this as a clone to (1)CA
> - After the Certificates are generated, view the serial number by
> clicking on "View Certificate in PrettyPrint".
>
> Results:
> Before the patch is applied: The serial number is truncated.(Wrong)
> After the patch is applied: The serial number is found as expected.
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list