[Pki-devel] [PATCH] 30 Continued - Fix for ticket 219 for DogTag branches : 8.1_Errata and 8.2

Ade Lee alee at redhat.com
Fri Aug 31 20:12:26 UTC 2012


pushed to 8.1 errata and 8.2 branches.

On Fri, 2012-08-24 at 16:14 -0400, Abhishek Koneru wrote:
> Please review the patches attached with fix ticket 219 for DogTag
> branches - 8.1_Errata and 8.2.
> The description about the ticket is attached below.
> 
> --Abhishek Koneru
> 
> Defect description:
>   The serial number generated for certificates is wrong when the number
> is large. Problem is due to the conversion of BigInteger to integer
> while generating a new serial number, which truncates the most
> significant bits in the serial number and therefore a large number (eg.
> 10fff0001) becomes a smaller number (eg. fff0001). This conversion in
> turn leads to a collision if a certificate with the smaller number
> exists in the database.
> 
> Steps to reproduce the defect:
>  
>  - Create a CA. - (1)
>  - Edit the fields minSerialNumber and maxSerialNumber in the
> <CA-Installation Path>/conf.CS.cfg to large values like 100000000 and
> 110000000.
>  - Restart the CA.
>  - Configure the CA.
>  - Create a new CA.
>  - Configure this as a clone to (1)CA
>  - After the Certificates are generated, view the serial number by
> clicking on "View Certificate in PrettyPrint".
> 
> Results:
> Before the patch is applied: The serial number is truncated.(Wrong)
> After the patch is applied: The serial number is found as expected.
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel





More information about the Pki-devel mailing list