On Fri, 2015-01-02 at 12:59 -0500, Daniel Kahn Gillmor wrote:
> [ sorry, digging up an old thread as i happen to be thinking about the
> issue today ]
>
> On Thu 2014-05-15 07:49:14 -0400, Nikos Mavrogiannopoulos wrote:
> > On Thu, May 15, 2014 at 12:08 PM, Josef Wolf <[email protected]> wrote:
> >> Hello,
> >> I am currently trying to use UUIDs (as Bignum) for the serial number of
> >> certificates. AFAIK, the RFC 5280 allows up to 20 octets. But I have a hard
> >> time to specify more than 31 bits in the template file.
> >> With a prefix of 0x (indicating hex number), I get serial number 0. Ough!
> >> Given as a decimal number, the number is truncated to 0x7fffffff.
> >> Is this a limitation in certtool or am I missing something?
> >
> > It was a limitation. Support for up to 63-bit serial numbers was added in
> > 3.3.0.
> If the value received from the user for the serial number exceeds 63
> bits, should GnuTLS throw an error rather than truncate? I worry that
> silently proceeding with a truncation seems likely to cause people using
> certtool to issue multiple certificates with serial numbers of
> 0x7fffffffffffffff.

Does it truncate? As far as I see, it already throws an error for
out-of-range numbers.

regards,
Niko
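
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not GnuTLS or certtool code: a serial-number parser that ignores the overflow signal maps every oversized input to 0x7fffffffffffffff, while one that checks it rejects the input. It assumes a `strtoll`-based parser (the thread does not say how certtool parses the value); `parse_serial_lenient` and `parse_serial_strict` are hypothetical names, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Lenient conversion: ignores errno, so an oversized input silently
 * saturates to LLONG_MAX (0x7fffffffffffffff). */
static int64_t parse_serial_lenient(const char *s)
{
    return (int64_t)strtoll(s, NULL, 0);
}

/* Strict conversion (hypothetical helper): accepts decimal or 0x-prefixed
 * hex, stores the value in *out and returns 0; returns -1 for empty input,
 * trailing garbage, negative values, or anything above 63 bits. */
static int parse_serial_strict(const char *s, int64_t *out)
{
    char *end = NULL;
    long long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtoll(s, &end, 0);
    if (end == s || *end != '\0')   /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE)            /* saturated: value did not fit */
        return -1;
    if (v < 0)                      /* RFC 5280 serials are not negative */
        return -1;
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a 128-bit UUID as hex, then smaller test values. */
    const char *samples[] = {
        "0x123e4567e89b12d3a456426614174000", "0x7fffffffffffffff",
        "1234", "12abc", "-5"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t v = 0;
        int rc = parse_serial_strict(samples[i], &v);
        printf("%-36s lenient=0x%llx strict=%s\n", samples[i],
               (unsigned long long)parse_serial_lenient(samples[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With the lenient parser, two different UUID-sized inputs produce the same serial, which is the duplicate-serial outcome raised in the thread.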
