[EMAIL PROTECTED] - Mon Mar 15 16:27:44 2004]:

> Is the problem that there isn't an atomic "get next serial#" function?
> 
> Turning the serial# into a timestamp narrows the window, but doesn't close
> it, particularly on SMP machines.  Using a big random number closes it,
> but will probably inconvenience, confuse, etc., all those who assume the
> serial# fits in a C long.  (Yes, those folks have non-robust code, but for
> their applications you can't really claim it's broken.)
> 

As I understand it, the reports relate to newbies using the openssl
utility to create certificates. They might also be using non-standard
scripts and "cookbooks" which have broken behaviour and may not even be
aware they are using OpenSSL.

Steve.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
