2023-01-05 17:06:14 +01:00
|
|
|
Bugfix
|
|
|
|
|
* mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
|
|
|
|
|
whose binary representation is longer than 20 bytes. This was already
|
|
|
|
|
forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
|
|
|
|
|
enforced also at code level.
|
|
|
|
|
|
|
|
|
|
New deprecations
|
|
|
|
|
* mbedtls_x509write_crt_set_serial() is now being deprecated in favor of
|
2023-01-26 17:43:09 +01:00
|
|
|
mbedtls_x509write_crt_set_serial_raw(). The goal here is to remove any
|
2023-01-09 17:21:17 +01:00
|
|
|
direct dependency of X509 on BIGNUM_C.
|
2023-01-11 10:40:18 +01:00
|
|
|
|
|
|
|
|
Changes
|
|
|
|
|
* programs/x509/cert_write:
|
|
|
|
|
- now it accepts the serial number in 2 different formats: decimal and
|
|
|
|
|
hex. They cannot be used simultaneously
|
|
|
|
|
- "serial" is used for the decimal format and it's limted in size to
|
|
|
|
|
unsigned long long int
|
|
|
|
|
- "serial_hex" is used for the hex format; max length here is
|
|
|
|
|
MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN*2
|
