diff options
author | lloyd <[email protected]> | 2011-04-06 15:14:32 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-04-06 15:14:32 +0000 |
commit | 5c44330158b5cf9daaf43140c5cfd15f98c6f1e8 (patch) | |
tree | 79f33d55db8e84ba22b77576301c42474c5901c0 /src/cert | |
parent | 23ba06f8c8da7d71f4590e5402f50e266eb57f30 (diff) |
In X509_Certificate::to_string, don't print key ids if empty
Reduce size of serial numbers of new certs from 256 to 128 bits;
2**64 certs is _probably_ sufficient, given that it would take hundreds
of exabytes of storage to hold that many certificates. :)
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 2 | ||||
-rw-r--r-- | src/cert/x509cert/x509cert.cpp | 8 |
2 files changed, 7 insertions, 3 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 9cb4c0a7f..40f2e3b3a 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -98,7 +98,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const Extensions& extensions) { const size_t X509_CERT_VERSION = 3; - const size_t SERIAL_BITS = 256; + const size_t SERIAL_BITS = 128; BigInt serial_no(rng, SERIAL_BITS); diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp index 7b1d97def..7d9370f2a 100644 --- a/src/cert/x509cert/x509cert.cpp +++ b/src/cert/x509cert/x509cert.cpp @@ -394,8 +394,12 @@ std::string X509_Certificate::to_string() const OIDS::lookup(this->signature_algorithm().oid) << "\n"; out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; - out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; - out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; + + if(this->authority_key_id().size()) + out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; + + if(this->subject_key_id().size()) + out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; X509_PublicKey* pubkey = this->subject_public_key(); out << "Public Key:\n" << X509::PEM_encode(*pubkey); |