[Pki-devel] [PATCH] 29 Fix for ticket 219 - BugZilla issue 816232
Abhishek Koneru
akoneru at redhat.com
Thu Aug 16 17:29:05 UTC 2012
Please review the patch for ticket 219 - fix BZ 816232 - incorrect
casting from BigInt to Int in installation wizard. This patch is for the
DogTag 9 branch. The previous one was for DogTag 10 branch.
Defect description:
The serial number generated for certificates is wrong when the number
is large. Problem is due to the conversion of BigInteger to integer
while generating a new serial number, which truncates the most
significant bits in the serial number and therefore a large number (eg.
10fff0001) becomes a smaller number (eg. fff0001). This conversion in
turn leads to a collision if a certificate with the smaller number
exists in the database.
Steps to reproduce the defect:
- Create a CA. - (1)
- Edit the fields minSerialNumber and maxSerialNumber in the
<CA-Installation Path>/conf.CS.cfg to large values like 100000000 and
110000000.
- Restart the CA.
- Configure the CA.
- Create a new CA.
- Configure this as a clone to (1)CA
- After the Certificates are generated, view the serial number by
clicking on "View Certificate in PrettyPrint".
Results:
Before the patch is applied: The serial number is truncated.(Wrong)
After the patch is applied: The serial number is found as expected.
--Abhishek Koneru
On Mon, 2012-08-13 at 18:44 -0400, Abhishek Koneru wrote:
> Please review the patch with fix for ticket 219 in Dog Tag 10 Beta.
>
> --Abhishek Koneru
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-akoneru-0030-Fix-for-BugZilla-ticket-219-DogTag 9 branch.patch
Type: text/x-patch
Size: 2971 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120816/ae2337be/attachment.bin>
More information about the Pki-devel
mailing list