From 5c44330158b5cf9daaf43140c5cfd15f98c6f1e8 Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 6 Apr 2011 15:14:32 +0000 Subject: In X509_Certificate::to_string, don't print key ids if empty Reduce size of serial numbers of new certs from 256 to 128 bits; 2**64 certs is _probably_ sufficient, given that it would take hundreds of exabytes of storage to hold that many certificates. :) --- src/cert/x509ca/x509_ca.cpp | 2 +- src/cert/x509cert/x509cert.cpp | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'src/cert') diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 9cb4c0a7f..40f2e3b3a 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -98,7 +98,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const Extensions& extensions) { const size_t X509_CERT_VERSION = 3; - const size_t SERIAL_BITS = 256; + const size_t SERIAL_BITS = 128; BigInt serial_no(rng, SERIAL_BITS); diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp index 7b1d97def..7d9370f2a 100644 --- a/src/cert/x509cert/x509cert.cpp +++ b/src/cert/x509cert/x509cert.cpp @@ -394,8 +394,12 @@ std::string X509_Certificate::to_string() const OIDS::lookup(this->signature_algorithm().oid) << "\n"; out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; - out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; - out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; + + if(this->authority_key_id().size()) + out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n"; + + if(this->subject_key_id().size()) + out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; X509_PublicKey* pubkey = this->subject_public_key(); out << "Public Key:\n" << X509::PEM_encode(*pubkey); -- cgit v1.2.3