[MDEV-40146] vio_gencert function doesn't set serial number - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.4
Fix Version/s: None
Component/s: SSL
Labels:
None

Description

According to RFC 5280 the serial id of a X509 certificate must be a positive integer.

Unfortunately the self generated certificate generated in function vio_gencert() doesn't set the serial number which leads to a warning in python's cryptographic module:

$ openssl s_client -starttls mysql -connect 127.0.0.1:3306 -showcerts </dev/null 2>/dev/null | openssl x509 -noout -serial

serial=00

CryptographyDeprecationWarning: Parsed a serial number which wasn't positive (i.e., it was negative or zero), which is disallowed by RFC 5280. Loading this certificate will cause an exception in a future release of cryptography

How to fix:
See attached patch.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

serial.patch
0.5 kB
2026-06-24 14:15

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Georg Richter

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 3 days ago 14:15

Updated:: 3 days ago 14:15

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.