On Sun, 2015-01-04 at 14:57 -0500, Daniel Kahn Gillmor wrote:
> >>> It was a limitation. Support for up to 63-bit serial numbers was added in
> >>> 3.3.0.
> >> If the value received from the user for the serial number exceeds 63
> >> bits, should GnuTLS throw an error rather than truncate? I worry that
> >> silently proceeding with a truncation seems likely to cause people using
> >> certtool to issue multiple certificates with serial numbers of
> >> 0x7fffffffffffffff.
> >
> > Does it truncate? As far as I see, it already throws an error for
> > out-of-range numbers.
> sorry, i should have been more clear that i was talking about certtool.
> for example:
> certtool -p key.pem
> echo 'serial = 10000000000000000000' > template
> echo 'serial = 10000000000000000001' > template2

Correct. I've now added a check.

regards,
Nikos
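
An added example, not part of the original message and not GnuTLS or certtool code: it shows how two different over-range serials can collapse to the same 0x7fffffffffffffff value, next to a parser that refuses them. It assumes the template value is read with `strtoll()`; the function names `parse_serial_unchecked` and `parse_serial_checked` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (assumption: serial is read with strtoll()).
 * On overflow strtoll() returns LLONG_MAX and reports it only via errno,
 * so ignoring errno silently clamps every too-large serial to one value. */
static int64_t parse_serial_unchecked(const char *s)
{
    return (int64_t)strtoll(s, NULL, 10);
}

/* Hypothetical helper: returns 0 and stores the serial on success,
 * -1 if the text is not a non-negative integer that fits in 63 bits. */
static int parse_serial_checked(const char *s, int64_t *out)
{
    char *end = NULL;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0')
        return -1;                /* empty input or trailing garbage */
    if (errno == ERANGE)
        return -1;                /* out of range: refuse, do not clamp */
    if (v < 0)
        return -1;                /* negative serials are rejected */
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the two template values from the message above */
    const char *a = "10000000000000000000";
    const char *b = "10000000000000000001";
    int64_t v = 0;

    printf("unchecked: %llx %llx\n",
           (unsigned long long)parse_serial_unchecked(a),
           (unsigned long long)parse_serial_unchecked(b));
    printf("checked:   %d %d\n",
           parse_serial_checked(a, &v), parse_serial_checked(b, &v));
    return 0;
}
```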
