From 8a7287d5523741a7336251e71b1ac79e23106713 Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Wed, 25 Sep 2024 12:00:40 +0100
Subject: [PATCH] unhardcode the certificate serial number
---
 main.fnl | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/main.fnl b/main.fnl
index 86868df..3ed6cc7 100644
--- a/main.fnl
+++ b/main.fnl
@@ -6,6 +6,20 @@
 (local csr (require :openssl.x509.csr))
 (local x509 (require :openssl.x509))
 (local pkey (require :openssl.pkey))
+(local bignum (require :openssl.bignum))
+
+(fn string->bignum [bytes]
+ (bignum.new
+ (string.format
+ "0x%03x%03x%03x%03x%03x"
+ (string.unpack "I4I4I4I4I4" bytes))))
+
+(fn make-serial []
+ ;; 20 bytes, but luaossl expects it as a bignum
+ (let [bytes (with-open [f (io.open "/dev/urandom" :r)]
+ (f:read 20))]
+ (string->bignum bytes)))
+
 (fn not-found [out] (doto (headers.new)
@@ -24,7 +38,7 @@
 (let [crt (doto (x509.new)
 (: :setVersion 2)
- (: :setSerial 42)
+ (: :setSerial (make-serial))
 (: :setIssuer (ca-crt:getSubject))
 (: :setLifetime (os.time) (+ (* 365 86400) (os.time)))
 (: :setSubject (csr:getSubject))
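Review bot: In `string->bignum` the format `"0x%03x%03x%03x%03x%03x"` pads each 32-bit word to only three hex digits, so the words are rendered at variable width and the concatenation is not a faithful encoding of the 20 random bytes; different inputs can yield the same serial, and fixed-width packing needs `%08x`. Separately, 20 random bytes have the top bit set about half the time, which makes the DER INTEGER 21 octets once the sign byte is added; that exceeds the 20-octet limit RFC 5280 puts on serial numbers, and strict verifiers may reject such certificates. Reading 16 bytes avoids both problems and still gives 128 bits of randomness: `(f:read 16)`, `(string.unpack "I4I4I4I4" bytes)` and `"0x%08x%08x%08x%08x"`. `make-serial` also depends on `io.open` succeeding and on `f:read` returning every requested byte; as far as the hunk shows, a failure surfaces only as an incidental error from a later call, so an explicit `assert` on the file handle and on `(length bytes)` would make that failure mode deliberate.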