Hi, On Tue, Aug 25, 2015 at 02:38:20AM -0400, grarpamp wrote: > Cert serial numbers found in the wild are hardly unique (witness
They are not "in the wild" in this context, as the issueing CA in
OpenVPN contexts is typically in-house - and serial numbers for certs
issued by a single CA(!) *are* unique.
If the cert cannot be verified at all (not revoked, but "issued by
another CA" or "not signed at all"), I agree, the serial number does not
carry meaningful information - but this is not the case this patch is
about.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgph1uFUjrG1Z.pgp
Description: PGP signature
