Hi, On Thu, Apr 17, 2014 at 01:58:02AM -0600, James Yonan wrote: > If we keep the current behavior (PolarSSL serial numbers are hex while > OpenSSL are decimal) then we should at least mark the serial number when > it's hex, so client software can distinguish it. > > This very simple patch does that.
As discussed yesterday on the IRC meeting, NAK on this - Steffan promised
to send a patch that will change PolarSSL to provide decimal serial
numbers as well (*nudge*), so we're fully consistent.
> RFC 5280, published in 2008, decrees that serial numbers can be
> up to 20 bytes long, hence it is necessary to support SSL
> libraries that return the serial number as a hex string.
Emphasizing this again, don't use "%d" on serials :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpBkM5zDe_RN.pgp
Description: PGP signature
