On Fri, Mar 18, 2005 at 10:39:58AM +0100, Michael Bell wrote: > Date: Fri, 18 Mar 2005 10:39:58 +0100 > From: Michael Bell <[EMAIL PROTECTED]> > Subject: Re: [OpenCA-Devel] CA Certificate serial number. > > Michael Bell wrote: > > >I think this is the relevant code (OpenSSL.xs): > > > >int > >serial(cert) > > OpenCA_OpenSSL_X509 cert > > PREINIT: > > char * stringval; > > CODE: > > stringval = i2s_ASN1_INTEGER(NULL,X509_get_serialNumber(cert)); > > RETVAL = atoi(stringval); > > free(stringval); > > OUTPUT: > > RETVAL > > > >int is usually not an 8 byte unsigned integer. Perhaps it is enough to > >change the return datatype to "unsigned long long int" and replace atoi > >with "strtoull (stringval, (char **)NULL, 10);" > > Uups, this works only on 64-bit platforms. Please use the following. > this should work on 32-bit platforms too. Yep, it complains on prototyping. Anyway, according to RFC3280 4.1.2.2
<Cite> Given the uniqueness requirements above, serial numbers can be expected to contain long integers. Certificate users MUST be able to handle serialNumber values up to 20 octets. Conformant CAs MUST NOT use serialNumber values longer than 20 octets. Note: Non-conforming CAs may issue certificates with serial numbers that are negative, or zero. Certificate users SHOULD be prepared to gracefully handle such certificates. </Cite> If I understand correctly, 20 octets won't fit into long long int. > > char * > serial(cert) > OpenCA_OpenSSL_X509 cert > PREINIT: > char * stringval; > CODE: > RETVAL = i2s_ASN1_INTEGER(NULL,X509_get_serialNumber(cert)); > OUTPUT: > RETVAL > > Actually my automatic tests are failing with this. So perhaps it is not > perfect. If we change RETVAL to char *, does it mean that we shouldn't use sprintf in crypto-utils.lib? Best wishes -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
