Skip to content

Commit

Permalink
Merge branch 'TinCanTech-require-128b-serial'
Browse files Browse the repository at this point in the history 
Take back "The Banks" unfair advantage.

Signed-off-by: Richard T Bonhomme <[email protected]>
  • Loading branch information
@TinCanTech
TinCanTech committed Aug 14, 2024
2 parents 4743021 + 282121e commit 5d84784
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions ChangeLog
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog

3.2.1 (TBD)

* sign-req: Require 128bit serial number (806ee19) (#1213)
* Move command 'verify-cert' to Tools-lib; drop 'verify' shortcut (ddbf304) (#1209)
* Windows secure_session(): Ensure $secured_session dir is created (d99b242) (#1203)
* Switch to '-f' for file existence (6ab98c9..a02f545) (#1201)
Expand Down
3 changes: 3 additions & 0 deletions easyrsa3/easyrsa
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2407,6 +2407,9 @@ The certificate request file is not in a valid X509 format:
for i in 1 2 3 4 5; do
easyrsa_random 16 serial

# Require 128bit serial number
[ "$serial" = "${serial#00}" ] || continue

# Check for duplicate serial in CA db
if check_serial_unique "$serial" batch; then
serial_is_unique=1
Expand Down

0 comments on commit 5d84784

Please sign in to comment.