pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:787:    return 0;    a = a[1..];    }    DBG("TBSCertificate: version = %d\n", version);       this_program::version = version;       if (a[0]->type_name != "INTEGER")    return 0;    serial = a[0]->value; -  if(serial<0) -  return 0; +     DBG("TBSCertificate: serial = %s\n", (string) serial);       if ((a[1]->type_name != "SEQUENCE")    || !sizeof(a[1])    || (a[1][0]->type_name != "OBJECT IDENTIFIER"))    return 0;       algorithm = a[1];    DBG("TBSCertificate: algorithm = %O\n", algorithm);   
pike.git/lib/modules/Standards.pmod/X509.pmod:1200:   //! @returns   //! Returns a DER-encoded certificate.   //!   //! @seealso   //! @[make_selfsigned_certificate()], @[make_tbs()], @[sign_tbs()]   string sign_key(Sequence issuer, Crypto.Sign c, Crypto.Sign ca, Crypto.Hash h,    Sequence subject, int serial, int ttl, array|mapping|void extensions)   {    Sequence algorithm_id = c->pkcs_signature_algorithm_id(h);    if(!algorithm_id) error("Can't use %O for %O.\n", h, c); -  if(serial<0) error("Serial number needs to be >=0.\n"); +  if(serial<=0) error("Conforming CA serial number needs to be >0.\n"); +  if(serial>1<<142) error("Serial needs to be less than 20 bytes encoded.\n");       if( mappingp(extensions) )    {    mapping(Identifier:Sequence) m = [mapping]extensions;    array(Sequence) a = ({});    foreach( sort(indices(m)), Identifier i )    a += ({ m[i] });    extensions = a;    }