Skip to content

Commit a925cbe

Browse files
ottomaoottomao
committed
fix the issue about duplicated cert serial number alibaba#70 
1 parent 0fb202e commit a925cbe

2 files changed

Lines changed: 12 additions & 7 deletions

File tree

lib/certGenerator.js

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -7,11 +7,11 @@ var defaultAttrs = [
77
{ shortName: 'OU', value: 'AnyProxy SSL Proxy'}
88
];
99

10-
function getKeysAndCert(){
10+
function getKeysAndCert(serialNumber){
1111
var keys = forge.pki.rsa.generateKeyPair(1024);
1212
var cert = forge.pki.createCertificate();
1313
cert.publicKey = keys.publicKey;
14-
cert.serialNumber = '01';
14+
cert.serialNumber = serialNumber || (Math.floor(Math.random() * 100000) + '');
1515
cert.validity.notBefore = new Date();
1616
cert.validity.notBefore.setFullYear(cert.validity.notBefore.getFullYear() - 10); // 10 years
1717
cert.validity.notAfter = new Date();
@@ -56,15 +56,20 @@ function generateRootCA(){
5656
}
5757

5858
function generateCertsForHostname(domain, rootCAConfig){
59-
var keysAndCert = getKeysAndCert();
59+
60+
//generate a serialNumber for domain
61+
var md = forge.md.md5.create();
62+
md.update(domain);
63+
64+
var keysAndCert = getKeysAndCert(md.digest().toHex());
6065
keys = keysAndCert.keys;
6166
cert = keysAndCert.cert;
6267

63-
var caCert = forge.pki.certificateFromPem(rootCAConfig.cert)
64-
var caKey = forge.pki.privateKeyFromPem(rootCAConfig.key)
68+
var caCert = forge.pki.certificateFromPem(rootCAConfig.cert);
69+
var caKey = forge.pki.privateKeyFromPem(rootCAConfig.key);
6570

6671
// issuer from CA
67-
cert.setIssuer(caCert.subject.attributes)
72+
cert.setIssuer(caCert.subject.attributes);
6873

6974
var attrs = defaultAttrs.concat([
7075
{

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "anyproxy",
3-
"version": "3.10.2",
3+
"version": "3.10.3Beta1",
44
"description": "A fully configurable proxy in NodeJS, which can handle HTTPS requests perfectly.",
55
"main": "proxy.js",
66
"bin": {

0 commit comments

Comments
 (0)