tool: don't generate negative serial numbers. MSVC, on 32-bit systems, defines sizeof(long)=4 which means that a uint32_t could end up negative when passed to |ASN1_INTEGER_set| on Windows. Change-Id: Ib07487ab524550c832909bf10521aae61d654416 Reviewed-on: https://boringssl-review.googlesource.com/12560 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Adam Langley <agl@google.com>

commit: f18ad089f15c1cb39de8ab21aaa81e472b7dc119 [log] [tgz]
author: Adam Langley <agl@google.com> Thu Dec 01 11:11:26 2016 -0800
committer: Adam Langley <agl@google.com> Thu Dec 01 23:32:49 2016 +0000
tree: 1dbe3941b1547ade7e3c6c13b2647be93cd897f1
parent: d8a268261d387a197591ff10d55b020eb3c60e8c [diff] [blame]
diff --git a/tool/server.cc b/tool/server.cc
index 2f96961..a049422 100644
--- a/tool/server.cc
+++ b/tool/server.cc

@@ -113,7 +113,7 @@
   bssl::UniquePtr<X509> x509(X509_new());
   uint32_t serial;
   RAND_bytes(reinterpret_cast<uint8_t*>(&serial), sizeof(serial));
-  ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), serial);
+  ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), serial >> 1);
   X509_gmtime_adj(X509_get_notBefore(x509.get()), 0);
   X509_gmtime_adj(X509_get_notAfter(x509.get()), 60 * 60 * 24 * valid_days);
commit	f18ad089f15c1cb39de8ab21aaa81e472b7dc119	[log] [tgz]
author	Adam Langley <agl@google.com>	Thu Dec 01 11:11:26 2016 -0800
committer	Adam Langley <agl@google.com>	Thu Dec 01 23:32:49 2016 +0000
tree	1dbe3941b1547ade7e3c6c13b2647be93cd897f1
parent	d8a268261d387a197591ff10d55b020eb3c60e8c [diff] [blame]