diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2004-04-20 12:05:26 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2004-04-20 12:05:26 +0000 |
commit | 64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch) | |
tree | 55da245985e07e8e1c75bf1ae8569012a63cb014 /CHANGES | |
parent | 1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff) |
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.
PR: 842
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -4,6 +4,15 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Reduce the chances of duplicate issuer name and serial numbers (in + violation of RFC3280) using the OpenSSL certificate creation utilities. + This is done by creating a random 64 bit value for the initial serial + number when a serial number file is created or when a self signed + certificate is created using 'openssl req -x509'. The initial serial + number file is now moved from CA.pl to the 'ca' utility with a new + option -create_serial. + [Steve Henson] + *) Reduced header interdepencies by declaring more opaque objects in ossl_typ.h. As a consequence, including some headers (eg. engine.h) will give fewer recursive includes, which could break lazy source code - so |