On 19/05/11 16:46, Peter Sylvester wrote:
The problem with this scheme is that it doesn't deal well with
parallel certificate signatures. You have one shared information that
must be incremented in an atomic way. But for a "Junk CA" (that's how
I call the set of scripts I use), that's not a problem.

Another approach is to take the value of 'time' (the current second)
and append to it the current process number, and, in case of
several machines, some number indicating the id of the machine.
Instead of the process number, any other method to ensure uniqueness
within a second may be used.

Ah yes - that would guarantee a non-repeating unpredictable sequence.
I was confused initially as I did not realise the serial number could be
so big (16 bytes was it?).
Cheers
Tim
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
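
The time + process number + machine id scheme described in the message above, as an added example that is not code from the thread or from the OpenSSL project. The function name `make_serial`, the field widths and the `MACHINE_ID` variable are assumptions of this example; the size and sign checks follow RFC 5280, which requires a positive serial of at most 20 octets.

```shell
#!/bin/sh
# make_serial EPOCH_SECONDS PID MACHINE_ID   (hypothetical helper)
# Prints 22 hex digits (11 octets): 40-bit time | 32-bit pid | 16-bit machine id.
# The widths are this example's choice; RFC 5280 allows up to 20 octets.
make_serial() {
    for v in "$1" "$2" "$3"; do
        case $v in
            # Reject empty, non-decimal, or zero-padded fields (a leading 0
            # would be read as octal by some printf implementations).
            ''|*[!0-9]*|0?*)
                echo "make_serial: bad field '$v'" >&2; return 1 ;;
        esac
        # Refuse over-long input before it reaches integer comparison.
        [ "${#v}" -le 12 ] || { echo "make_serial: field too long" >&2; return 1; }
    done
    # Time stays below 2^39 so the top bit of the first octet is 0 and the
    # value encodes as a positive DER INTEGER without extra padding.
    [ "$1" -lt 549755813888 ] || { echo "make_serial: time out of range" >&2; return 1; }
    [ "$2" -lt 4294967296 ]   || { echo "make_serial: pid out of range" >&2; return 1; }
    [ "$3" -lt 65536 ]        || { echo "make_serial: machine id out of range" >&2; return 1; }
    # Fixed-width fields: "pid 12, machine 3" and "pid 1, machine 23" would
    # both become "123" if the decimal numbers were simply appended.
    printf '%010X%08X%04X\n' "$1" "$2" "$3"
}

# Stand-alone use: current second, this shell's pid, and a per-host number
# taken from the (assumed) MACHINE_ID environment variable.
make_serial "$(date +%s)" "$$" "${MACHINE_ID:-1}"
```

Uniqueness here rests on no two signing processes on one machine sharing a pid within the same second, and on each machine having its own id. The value contains no randomness, so it is unique under those assumptions but can be guessed by anyone who knows the scheme.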