patch to resolve duplicate issuer/serial (kgretzky#50)

Bobylove · Sep 12, 2018 · 4df8994 · 4df8994
1 parent 23b7cf0
commit 4df8994
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/core/certdb.go b/core/certdb.go
@@ -314,8 +314,14 @@ func (d *CertDb) SignCertificateForHost(host string, phish_host string, port int
 	if srvCert == nil {
 		return nil, fmt.Errorf("failed to get TLS certificate for: %s", host)
 	} else {
+		serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+		serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+		if err != nil {
+			return nil, err
+		}
+
 		template = x509.Certificate{
-			SerialNumber:          srvCert.SerialNumber,
+			SerialNumber:          serialNumber,
 			Issuer:                x509ca.Subject,
 			Subject:               srvCert.Subject,
 			NotBefore:             srvCert.NotBefore,