Randomize serial numbers of DVSNI challenge certificates.

2026-05-28 04:34:11 -04:00 · 2016-05-11 12:01:53 -04:00 · 2016-05-11 12:01:53 -04:00 · 639efaeb7b
commit 639efaeb7b
parent c799a2d57e
1 changed files with 1 additions and 1 deletions
--- a/acme/acme/crypto_util.py
+++ b/acme/acme/crypto_util.py
@ -203,7 +203,7 @@ def gen_ss_cert(key, domains, not_before=None,
    """
    assert domains, "Must provide one or more hostnames for the cert."
    cert = OpenSSL.crypto.X509()
-    cert.set_serial_number(1337)
+    cert.set_serial_number(int(OpenSSL.rand.bytes(16).encode("hex"), 16))
    cert.set_version(2)

    extensions = [