
Commit 944d3b7

committed
ensure default serial generation fits 20 bytes
1 parent d382a37 commit 944d3b7


1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

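--- a/rcgen/src/lib.rs
+++ b/rcgen/src/lib.rs
@@ -937,7 +937,8 @@ impl CertificateParams {
 } else {
 let hash = digest::digest(&digest::SHA256, pub_key.raw_bytes());
 // RFC 5280 specifies at most 20 bytes for a serial number
-let sl = &hash.as_ref()[0..20];
+let mut sl = hash.as_ref()[0..20].to_vec();
+sl[0] = sl[0] & 0x7f; // MSB must be 0 to ensure encoding bignum in 20 bytes
 writer.next().write_bigint_bytes(sl, true);
 };
 // Write signature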
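Review bot: The unchanged call `writer.next().write_bigint_bytes(sl, true);` now receives an owned `Vec<u8>`, because `sl` changed from a `&[u8]` slice to the result of `.to_vec()`; if `write_bigint_bytes` takes a byte slice, as the old `&hash.as_ref()[0..20]` argument suggests, the call needs `&sl`. The mask reads more idiomatically as `sl[0] &= 0x7f;`, and a `[u8; 20]` filled with `copy_from_slice` would avoid the heap allocation. Clearing the top bit does keep the DER INTEGER within 20 octets, but the default serial is still a deterministic function of the public key, so presumably two certificates issued for the same key under one issuer share a serial unless the caller sets one; a comment such as `// NOTE: derived from the key hash, not random; set an explicit serial when reissuing for the same key` would make that visible. The enclosing function starts and ends outside this hunk.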
