aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert
diff options
context:
space:
mode:
authorlloyd <[email protected]>2011-04-06 15:14:32 +0000
committerlloyd <[email protected]>2011-04-06 15:14:32 +0000
commit5c44330158b5cf9daaf43140c5cfd15f98c6f1e8 (patch)
tree79f33d55db8e84ba22b77576301c42474c5901c0 /src/cert
parent23ba06f8c8da7d71f4590e5402f50e266eb57f30 (diff)
In X509_Certificate::to_string, don't print key ids if empty
Reduce size of serial numbers of new certs from 256 to 128 bits; 2**64 certs is _probably_ sufficient, given that it would take hundreds of exabytes of storage to hold that many certificates. :)
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/x509ca/x509_ca.cpp2
-rw-r--r--src/cert/x509cert/x509cert.cpp8
2 files changed, 7 insertions, 3 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp
index 9cb4c0a7f..40f2e3b3a 100644
--- a/src/cert/x509ca/x509_ca.cpp
+++ b/src/cert/x509ca/x509_ca.cpp
@@ -98,7 +98,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
const Extensions& extensions)
{
const size_t X509_CERT_VERSION = 3;
- const size_t SERIAL_BITS = 256;
+ const size_t SERIAL_BITS = 128;
BigInt serial_no(rng, SERIAL_BITS);
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index 7b1d97def..7d9370f2a 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -394,8 +394,12 @@ std::string X509_Certificate::to_string() const
OIDS::lookup(this->signature_algorithm().oid) << "\n";
out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
- out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
- out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
+
+ if(this->authority_key_id().size())
+ out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
+
+ if(this->subject_key_id().size())
+ out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
X509_PublicKey* pubkey = this->subject_public_key();
out << "Public Key:\n" << X509::PEM_encode(*pubkey);