Certificate Serial Number Decrement

Started by NOYB, January 05, 2018, 02:06:23 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 05, 2018, 02:06:23 AM
System: Trust: Authorities: Add/Edit
(https://opnsense.office/system_camanager.php?act=edit&id=0)

The "Serial for next certificate" value decrements with each save.
full help: "Enter a decimal number to be used as the serial number for the next certificate to be created using this CA."

Should this value really be decremented by saving?  Doesn't seem like it should.  Maybe I'm not understanding the use case.
January 05, 2018, 08:49:32 AM #1
Nice catch, it should not. Looks like a regression while fixing https://github.com/opnsense/core/issues/1581

I'll add a test to skip decrement if the value stays the same.


Cheers,
Franco
January 05, 2018, 09:01:14 AM #2
This ok? I'm not entirely sure.

https://github.com/opnsense/core/commit/945b866
January 05, 2018, 11:01:33 AM #3
Not entirely sure myself either.  But at least now simply saving the CA doesn't change the serial number for the next certificate.  Halfway guessing that's the expected behavior.
January 05, 2018, 11:07:44 AM #4
Looks good after creating and updating several CAs. I was worried about newly created CAs... though now its out + 1, in - 1 to be consistent. Just a weird way of displaying the data to fix the user-based interpretation of the value. Thanks for spotting this. Will go to 17.7.12 as well.
Print
Go Up Pages1
User actions