unhardcode the certificate serial number

2024-09-25 12:00:40 +01:00 · 2024-09-25 12:00:40 +01:00 · 8a7287d552
commit 8a7287d552
parent 6ddae21727
1 changed files with 15 additions and 1 deletions
--- a/main.fnl
+++ b/main.fnl
@ -6,6 +6,20 @@
 (local csr (require :openssl.x509.csr))
 (local x509 (require :openssl.x509))
 (local pkey (require :openssl.pkey))
+(local bignum (require :openssl.bignum))
+
+(fn string->bignum [bytes]
+  (bignum.new
+   (string.format
+    "0x%03x%03x%03x%03x%03x"
+    (string.unpack "I4I4I4I4I4" bytes))))
+
+(fn make-serial []
+  ;; 20 bytes, but luaossl expects it as a bignum
+  (let [bytes (with-open [f (io.open "/dev/urandom" :r)]
+                (f:read 20))]
+    (string->bignum bytes)))
+

 (fn not-found [out]
  (doto (headers.new)
@ -24,7 +38,7 @@
  (let [crt
        (doto (x509.new)
          (: :setVersion 2)
-          (: :setSerial 42)
+          (: :setSerial (make-serial))
          (: :setIssuer (ca-crt:getSubject))
          (: :setLifetime (os.time) (+ (* 365 86400) (os.time)))
          (: :setSubject (csr:getSubject))