OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: NOYB on January 05, 2018, 02:06:23 am

Title: Certificate Serial Number Decrement
Post by: NOYB on January 05, 2018, 02:06:23 am

System: Trust: Authorities: Add/Edit
(https://opnsense.office/system_camanager.php?act=edit&id=0)

The "Serial for next certificate" value decrements with each save.
full help: "Enter a decimal number to be used as the serial number for the next certificate to be created using this CA."

Should this value really be decremented by saving?  Doesn't seem like it should.  Maybe I'm not understanding the use case.

Title: Re: Certificate Serial Number Decrement
Post by: franco on January 05, 2018, 08:49:32 am

Nice catch, it should not. Looks like a regression while fixing https://github.com/opnsense/core/issues/1581

I'll add a test to skip decrement if the value stays the same.


Cheers,
Franco

Title: Re: Certificate Serial Number Decrement
Post by: franco on January 05, 2018, 09:01:14 am

This ok? I'm not entirely sure.

https://github.com/opnsense/core/commit/945b866

Title: Re: Certificate Serial Number Decrement
Post by: NOYB on January 05, 2018, 11:01:33 am

Not entirely sure myself either.  But at least now simply saving the CA doesn't change the serial number for the next certificate.  Halfway guessing that's the expected behavior.

Title: Re: Certificate Serial Number Decrement
Post by: franco on January 05, 2018, 11:07:44 am

Looks good after creating and updating several CAs. I was worried about newly created CAs... though now its out + 1, in - 1 to be consistent. Just a weird way of displaying the data to fix the user-based interpretation of the value. Thanks for spotting this. Will go to 17.7.12 as well.