On 01/28/2014 03:35 PM, Petr Viktorin wrote:
On 01/23/2014 01:54 PM, Petr Viktorin wrote:
[...]
Patch 454 changes the cert generation script for CA-less tests to use
sequential serial numbers rather than random ones, to prevent collisions.


This one is still useful though.

Ping, could someone review this?


--
PetrĀ³
From 6c6673501fcc0823f7e75875833a70635db44168 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 23 Jan 2014 13:08:04 +0100
Subject: [PATCH] CA-less tests: Use sequential certificate serial numbers

When serial numbers were generated with $RANDOM, there
could be collisions.
Use sequential numbers instead.
---
 ipatests/test_integration/scripts/caless-create-pki | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipatests/test_integration/scripts/caless-create-pki b/ipatests/test_integration/scripts/caless-create-pki
index a0b6f13c0cdef2631640862ca85df3cc4394f7cf..f428ebae16e05644a875a35faf192f75eb149740 100644
--- a/ipatests/test_integration/scripts/caless-create-pki
+++ b/ipatests/test_integration/scripts/caless-create-pki
@@ -5,6 +5,8 @@ profile_server=(-t ,, -v 12)
 
 crl_path=${crl_path-$(readlink -f $dbdir)}
 
+serial_number=0
+
 gen_cert() {
     local profile="$1" nick="$2" subject="$3" ca options pwfile noise csr crt
     shift 3
@@ -46,7 +48,8 @@ file://$crl_path/$ca.crl
 n
 n
 EOF
-    certutil -C -d "$dbdir" -f "$pwfile" -m "$RANDOM" -i "$csr" -o "$crt" "${options[@]}" "$@"
+    serial_number=$(($serial_number+1))
+    certutil -C -d "$dbdir" -f "$pwfile" -m "$serial_number" -i "$csr" -o "$crt" "${options[@]}" "$@"
     certutil -A -d "$dbdir" -n "$nick" -f "$pwfile" -i "$crt" "${options[@]}"
 
     rm -f "$pwfile" "$noise" "$csr" "$crt"
-- 
1.8.4.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to