authorSimon Josefsson <simon@josefsson.org>2007-04-17 13:48:24 +0000
committerSimon Josefsson <simon@josefsson.org>2007-04-17 13:48:24 +0000
commitedde2735adb21c17aff685ac4ff447f061e60382 (patch)
tree0874efcefb1d8bf70453dd687cebed2a1a7e9e46
parentc19803edfcf633a220aab2ef27913c5c5b5fb4fc (diff)
downloadgnutls-edde2735adb21c17aff685ac4ff447f061e60382.tar.gz
Use current time as default serial number.
-rw-r--r--NEWS2
-rw-r--r--src/certtool-cfg.c9
-rw-r--r--src/certtool.c9
3 files changed, 14 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 3cfff2d745..7c98596094 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ See the end for copying conditions.
* Version 1.7.9 (unreleased)
+** Change certtool's default serial number from 0 to a time-based value.
+
** API and ABI modifications:
No changes since last version.
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 8957580952..18090f2a05 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -28,6 +28,7 @@
#include <string.h>
#include <limits.h>
#include <inttypes.h>
+#include <time.h>
/* Gnulib portability files. */
#include <getpass.h>
@@ -77,6 +78,7 @@ cfg_init (void)
{
memset (&cfg, 0, sizeof (cfg));
cfg.path_len = -1;
+ cfg.serial = -1;
}
int
@@ -565,15 +567,18 @@ get_pkcs9_email_crt_set (gnutls_x509_crt crt)
int
get_serial (void)
{
+ int default_serial = time (NULL);
+
if (batch)
{
if (cfg.serial < 0)
- return 0;
+ return default_serial;
return cfg.serial;
}
else
{
- return read_int ("Enter the certificate's serial number (decimal): ");
+ return read_int_with_default
+ ("Enter the certificate's serial number (decimal): ", default_serial);
}
}
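Review bot: The new default in get_serial() comes from `time (NULL)` alone, which has one-second resolution, so two certificates generated in batch mode within the same second receive the same serial, and the value is predictable to anyone who knows roughly when the certificate was issued. Serial numbers have to be unique per issuer, and an unpredictable serial is a useful defence against collision attacks on the signature hash, so a time-only default suits test certificates better than a production CA. Separately, `time()` can return `(time_t) -1`, and assigning it to an `int` truncates where time_t is wider, so a negative default can reach the caller unchecked. I would document the limitation above the declaration with `/* Default serial is time-based only: not unique within one second and predictable; supply an explicit serial for real CAs. */` and, if the project has a nonce source available, mix random bytes into the default instead.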
diff --git a/src/certtool.c b/src/certtool.c
index 6829bd285b..24c2e5f9e2 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -275,12 +275,13 @@ generate_certificate (gnutls_x509_privkey * ret_key,
serial = get_serial ();
- buffer[3] = serial & 0xff;
- buffer[2] = (serial >> 8) & 0xff;
- buffer[1] = (serial >> 16) & 0xff;
+ buffer[4] = serial & 0xff;
+ buffer[3] = (serial >> 8) & 0xff;
+ buffer[2] = (serial >> 16) & 0xff;
+ buffer[1] = (serial >> 24) & 0xff;
buffer[0] = 0;
- result = gnutls_x509_crt_set_serial (crt, buffer, 4);
+ result = gnutls_x509_crt_set_serial (crt, buffer, 5);
if (result < 0)
error (EXIT_FAILURE, 0, "serial: %s", gnutls_strerror (result));
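Review bot: The serial encoding now writes `buffer[4]` and passes the literal `5`, but nothing here explains the layout or ties the length to the buffer. The declarations of `buffer` and `serial` are outside the hunk, so it is worth confirming that `buffer` holds at least five bytes and that `serial` cannot be negative when it is shifted. I would add a comment before the assignments, `/* 4-byte big-endian serial preceded by a zero byte, presumably so the DER INTEGER stays non-negative. */`, and replace the two magic numbers with one named constant so the index and the length passed to `gnutls_x509_crt_set_serial` cannot drift apart. generate_certificate's body starts and ends outside this hunk.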