From 0ceece4c82490197d5cefe11fa640c3a51159322 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Mon, 3 Nov 2014 18:12:42 +0000
Subject: [PATCH] px5g: generate unique serial numbers

Generate a random serial from /dev/urandom when creating selfsigned certs.
Fixes "sec_error_reused_issuer_and_serial" with Firefox.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43168
---
 package/utils/px5g/Makefile | 4 ++--
 package/utils/px5g/px5g.c   | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index 9c0caa7b8d..df2a170d84 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+# Copyright (C) 2010-2014 Jo-Philipp Wich <xm@subsignal.org>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)
 PKG_USE_MIPS16:=0
diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c
index 6b977081e1..633aa51361 100644
--- a/package/utils/px5g/px5g.c
+++ b/package/utils/px5g/px5g.c
@@ -143,7 +143,7 @@ int selfsigned(char **arg)
 	char *keypath = NULL, *certpath = NULL;
 	bool pem = true;
 	time_t from = time(NULL), to;
-	char fstr[20], tstr[20];
+	char fstr[20], tstr[20], sstr[17];
 	int len;
 
 	while (*arg && **arg == '-') {
@@ -222,8 +222,12 @@ int selfsigned(char **arg)
 	x509write_crt_set_subject_key_identifier(&cert);
 	x509write_crt_set_authority_key_identifier(&cert);
 
+	_urandom(NULL, buf, 8);
+	for (len = 0; len < 8; len++)
+		sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
+
 	mpi_init(&serial);
-	mpi_read_string(&serial, 10, "1");
+	mpi_read_string(&serial, 16, sstr);
 	x509write_crt_set_serial(&cert, &serial);
 
 	if (pem) {
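Review bot: The result of `_urandom(NULL, buf, 8)` is discarded, so if the read from /dev/urandom fails or comes up short, the serial is built from whatever `buf` already held and the certificate is still written, which can bring back the repeated serial this patch is meant to eliminate. Assuming `_urandom` returns non-zero on failure (its definition is outside the hunk, so confirm it propagates the read result), guard the call with `if (_urandom(NULL, buf, 8) != 0)` and leave through the function's existing error path instead of signing. The return value of `mpi_read_string(&serial, 16, sstr)` is ignored in the same way and should be checked before `x509write_crt_set_serial(&cert, &serial)`. `buf` and the rest of `selfsigned` lie outside this hunk, so the size and type of `buf` could not be checked here; the `sprintf` writes stay in bounds only because the literal `8` matches `sstr[17]` from the earlier hunk, which a shared named constant would make explicit.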
-- 
GitLab