Reduce chances of issuer and serial number duplication by use of random

initial serial numbers. PR: 842
author: Dr. Stephen Henson <steve@openssl.org> 2004-04-20 12:05:26 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2004-04-20 12:05:26 +0000
commit: 64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch)
tree: 55da245985e07e8e1c75bf1ae8569012a63cb014 /CHANGES
parent: 1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 5dd7a41b51..d6630830fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
+  *) Reduce the chances of duplicate issuer name and serial numbers (in
+     violation of RFC3280) using the OpenSSL certificate creation utilities. 
+     This is done by creating a random 64 bit value for the initial serial
+     number when a serial number file is created or when a self signed
+     certificate is created using 'openssl req -x509'. The initial serial
+     number file is now moved from CA.pl to the 'ca' utility with a new
+     option -create_serial.
+     [Steve Henson]
+
   *) Reduced header interdepencies by declaring more opaque objects in
      ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
      give fewer recursive includes, which could break lazy source code - so
author	Dr. Stephen Henson <steve@openssl.org>	2004-04-20 12:05:26 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2004-04-20 12:05:26 +0000
commit	64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch)
tree	55da245985e07e8e1c75bf1ae8569012a63cb014 /CHANGES
parent	1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff)