Please review the patches attached with fix ticket 219 for DogTag
branches - 8.1_Errata and 8.2.
The description about the ticket is attached below.
--Abhishek Koneru
Defect description:
The serial number generated for certificates is wrong when the number
is large. Problem is due to the conversion of BigInteger to integer
while generating a new serial number, which truncates the most
significant bits in the serial number and therefore a large number (eg.
10fff0001) becomes a smaller number (eg. fff0001). This conversion in
turn leads to a collision if a certificate with the smaller number
exists in the database.
Steps to reproduce the defect:
- Create a CA. - (1)
- Edit the fields minSerialNumber and maxSerialNumber in the
<CA-Installation Path>/conf.CS.cfg to large values like 100000000 and
110000000.
- Restart the CA.
- Configure the CA.
- Create a new CA.
- Configure this as a clone to (1)CA
- After the Certificates are generated, view the serial number by
clicking on "View Certificate in PrettyPrint".
Results:
Before the patch is applied: The serial number is truncated.(Wrong)
After the patch is applied: The serial number is found as expected.