authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-03 08:27:23 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-03 08:45:23 +0100
commit6054e79688f4fe9d31f371208a0e5d65d5ac8d6e (patch)
tree1d1e0609e784ada001ef13d5d20274fd94d13c82
parented8810c4bbfec66f4ae7f144e291ce54c66e6a4d (diff)
gnutls_x509_crt_set_serial: document the 20-byte limit for serial sizes
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--lib/x509/x509_write.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 5a4c4de327..713a7e73cf 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1204,6 +1204,10 @@ gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
* with the X.509/PKIX specifications the provided @serial should be
* a big-endian positive number (i.e. it's leftmost bit should be zero).
*
+ * The size of the serial is restricted to 20 bytes maximum by RFC5280.
+ * This function allows writing more than 20 bytes but the generated
+ * certificates in that case may be rejected by other implementations.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
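Review bot: The added paragraph states the RFC5280 20-byte ceiling but gives callers no instruction. From its own wording, an oversized serial is accepted and the problem only surfaces later, when a peer rejects the certificate. The doc comment starts above this hunk and the function body is outside it, so I am assuming from the text that no length check or distinct error code exists. I would add a line such as `* Callers that need interoperable certificates should verify that the serial is at most 20 bytes before calling this function.` It would also help to cite the clause (RFC5280 section 4.1.2.2). The comment could also note that a leading zero byte, added to keep the number positive as the preceding paragraph requires, counts toward the 20 bytes.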