From 4512930cb630489e10f4c5b61721a232ce2048ed Mon Sep 17 00:00:00 2001
From: Art Cancro <ajc@citadel.org>
Date: Wed, 21 Apr 2004 03:43:39 +0000
Subject: [PATCH] * Completed remaining SSL fixes.  Works in Moz, aIEeee, Konq;
 self-signed   certs are also no longer invalid.

---
 webcit/ChangeLog | 5 ++++-
 webcit/crypto.c  | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 77baa8633..684084e92 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,8 @@
 $Log$
+Revision 506.10  2004/04/21 03:43:39  ajc
+* Completed remaining SSL fixes.  Works in Moz, aIEeee, Konq; self-signed
+  certs are also no longer invalid.
+
 Revision 506.9  2004/04/21 02:25:13  ajc
 * Replaced ctdl_install_certificate() with convenience functions found
   in the OpenSSL library.
@@ -1790,4 +1794,3 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
 
 1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
 	* webserver.c: warning fix
-
diff --git a/webcit/crypto.c b/webcit/crypto.c
index 85bcb3b10..d74c6b17d 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -277,10 +277,12 @@ void init_ssl(void)
 			if (req) {
 				if (cer = X509_new(), cer != NULL) {
 
+					ASN1_INTEGER_set(X509_get_serialNumber(cer), 0);
 					X509_set_issuer_name(cer, req->req_info->subject);
 					X509_set_subject_name(cer, req->req_info->subject);
-					X509_gmtime_adj(X509_get_notBefore(cer),0);
+					X509_gmtime_adj(X509_get_notBefore(cer), 0);
 					X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS);
+
 					req_pkey = X509_REQ_get_pubkey(req);
 					X509_set_pubkey(cer, req_pkey);
 					EVP_PKEY_free(req_pkey);
-- 
2.30.2