From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 27 Feb 2020 10:43:35 +0000 (+0100)
Subject: generate_webpage_certificate(): Include the time in the serial number
X-Git-Tag: v_3_0_29~462
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@/developer-manual/static/quickstart.html?a=commitdiff_plain;h=c3c0116bed3c9f82de2f4cde6c86f78037036a5d;p=privoxy.git

generate_webpage_certificate(): Include the time in the serial number

... to make sure the serial number changes when the certificate
is regenerated.

Sponsored by: Robert Klemme
---

diff --git a/ssl.c b/ssl.c
index aa4f9cd3..55269ddb 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1475,14 +1475,17 @@ static int generate_webpage_certificate(struct client_state *csp)
     * We must compute length of serial number in string + terminating null.
     */
    unsigned long certificate_serial = get_certificate_serial(csp);
-   int serial_num_size = snprintf(NULL, 0, "%lu", certificate_serial) + 1;
+   unsigned long certificate_serial_time = (unsigned long)time(NULL);
+   int serial_num_size = snprintf(NULL, 0, "%lu%lu",
+      certificate_serial_time, certificate_serial) + 1;
    if (serial_num_size <= 0)
    {
       serial_num_size = 1;
    }
 
    char serial_num_text[serial_num_size];  /* Buffer for serial number */
-   ret = snprintf(serial_num_text, (size_t)serial_num_size, "%lu", certificate_serial);
+   ret = snprintf(serial_num_text, (size_t)serial_num_size, "%lu%lu",
+      certificate_serial_time, certificate_serial);
    if (ret < 0 || ret >= serial_num_size)
    {
       log_error(LOG_LEVEL_ERROR,
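Review bot: The serial built by `snprintf(..., "%lu%lu", certificate_serial_time, certificate_serial)` is unique only to one-second resolution, because `time(NULL)` counts whole seconds; two regenerations for the same host within one second would still yield the same serial under the same issuer, which TLS clients may reject as a reused issuer/serial pair. The result of `time()` is also cast without a check, so a failure value of `(time_t)-1` becomes `ULONG_MAX` and ends up in the serial; storing the result in a `time_t` first and testing `if (now == (time_t)-1)` before the cast, with an error logged and returned, would make that visible. Since both fields are variable-width decimals joined without a separator, I would also add a comment above the declaration such as `/* Serial = <unix time><host serial> in decimal; must stay within the 20-octet X.509 serial limit */`. generate_webpage_certificate() starts before and continues after this hunk, so how serial_num_text is parsed into the certificate is not visible here.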