[EMAIL PROTECTED] - Mon Mar 15 08:26:10 2004]:
> The attached patch causes serial numbers to default to the current time,
> significantly reducing the chance of duplicate serial numbers from a
> given issuer. I have filed the necessary TSA notification.
>
> Mozilla gets a constant stream of problem reports caused by
> OpenSSL-generated certs with duplicate serial numbers. We would much
> appreciate it if you could fix this non-standards-conforming behavior,
> preferably by integrating this patch.

I'm not sure how portable that patch is as it stands. As a portable
alternative we could use a large random number for the serial number; for
example, a 159-bit one has a negligible chance of duplicates.

I'd be interested to know how people are managing to create duplicate
serial numbers: that is, what commands and/or scripts are being used to do
this.

Steve.
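
The two approaches discussed in this thread, side by side, as an added example that is not part of the original messages or of OpenSSL's code. It assumes the time-based default has one-second resolution; the function names and the sample timestamps are constructed for illustration. It also shows that a 159-bit value always DER-encodes as a positive INTEGER in exactly 20 content octets or fewer, whereas a 160-bit value can need 21.

```python
import secrets
from math import expm1

SERIAL_BITS = 159  # size suggested in the reply above

def random_serial(bits=SERIAL_BITS):
    """Return a positive random serial number of at most `bits` bits."""
    while True:
        n = secrets.randbits(bits)
        if n:  # serial numbers must be positive, so reject 0
            return n

def der_integer(n):
    """DER-encode a non-negative integer as an ASN.1 INTEGER (tag 0x02)."""
    if n < 0:
        raise ValueError("serial numbers must not be negative")
    # One octet more than bit_length // 8 always leaves the sign bit clear
    # and is the minimal DER length.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    if len(body) > 127:
        raise ValueError("long-form lengths are not handled here")
    return bytes([0x02, len(body)]) + body

def collision_probability(issued, bits=SERIAL_BITS):
    """Birthday-bound estimate of any duplicate among `issued` random serials."""
    return -expm1(-issued * (issued - 1) / (2 * 2 ** bits))

def count_duplicates(serials):
    """Number of serials that repeat an earlier value from the same issuer."""
    return len(serials) - len(set(serials))

# Constructed sample: a script issuing five certificates within two seconds.
SAMPLE_ISSUE_TIMES = [1079339170.1, 1079339170.6, 1079339170.9,
                      1079339171.2, 1079339171.8]

def time_serials(times):
    """Serials taken from the clock at one-second resolution (assumption)."""
    return [int(t) for t in times]

if __name__ == "__main__":
    print("time-based duplicates:",
          count_duplicates(time_serials(SAMPLE_ISSUE_TIMES)))
    randoms = [random_serial() for _ in SAMPLE_ISSUE_TIMES]
    print("random duplicates:    ", count_duplicates(randoms))
    print("largest 159-bit serial content octets:",
          len(der_integer(2 ** SERIAL_BITS - 1)) - 2)
    print("P(duplicate) after 1e9 certs:", collision_probability(10 ** 9))
```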