From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 3920C4B956 for ; Tue, 22 Jul 2025 12:37:22 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 90AB968CFA8; Tue, 22 Jul 2025 15:36:48 +0300 (EEST) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id E6F8868CF3C for ; Tue, 22 Jul 2025 15:36:46 +0300 (EEST) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2353a2bc210so48197545ad.2 for ; Tue, 22 Jul 2025 05:36:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1753187805; x=1753792605; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=98ijNghPqt2rKCSuTrC+mzAKc5XjSW1KfZaloANsJbw=; b=BN4Z9c/AEaRqBI6p1+ui6NOycvpclUDuV8Ik4EWCkVg3SJ3d16beKoezRiP6DKmQeE ggSIBG3nDMlcAnW5EQ+WMUF7IwS8VfhESoZldRdc8Riki/QQojUZGBnTzJ/dm9RrldAk 0kLFqsg3fUmq7VcGvZGcoD5d+Pps7uN+FgfIBJP+DzXamu2q8oApREEZanTi8JCfGDBY +pAuB/3kj1OCt+nL3qxqy0ImPch7IC36RM8fAvry52eOADOfPMQ2C8pxJh9i7tsetfVi TvbD3EH7Y7PyVaLI+T7O7YC9yGYJ2ZXZvqSSZ+iTyZre83wX1duu0wYhhaxaKvQ9ynPK iTDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753187805; x=1753792605; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=98ijNghPqt2rKCSuTrC+mzAKc5XjSW1KfZaloANsJbw=; b=Od3SNIvy7V4FuVHAV5EcyUd7k5+7RZ5B5AGm7tLp/ouuWGK7dpFxgU4BmukjUpsT7p 4sqUYy7tomIKyjHd6ikosyOoqlkjLAPXK12mQL5qklP5Z3P6TR3UI7LbLqkMmYSZUvHh CT0Yjwj07EYAsQOR7cgmC49Yocx7lt91OovoNWWbLVQMON6dzJJwStsOP27KJlk3plKm 1IMATO6RHeE1oFJkqWE+3imsEaKF84lUd/MqQ+iFBhHeM71vWacSgbIqrdg/a/yuWajm jhKwDKnR3ZTompvtzP/qOHOqBMZ0MYDXDLFI9yHggweN0erx7br5+RGDZ8+Jccde/s2G bDGw== X-Gm-Message-State: AOJu0YxpVhQdHO0ALFinJlErjrjR0uLmRKJMtmR5LpuwM5QjDIO1gRTu KO3ifCNyQ58iSSk7DIRO3+K07vqlpw8Np/vzzN3qtvyZIwsNL66rvU3K4ifVkfDBUzQ= X-Gm-Gg: ASbGncszkqdpaG7d9KWDQybDOpjv4V9CmetV8KPwpFR/ZpwQDzP+1R/DUhZeYfsPdYB Z6pxcFVdvSq2iHQMrZXizXd7jZKZj3DgfIk6a8whgQc6m4N6ANiDaMWXVvykFcL8CW0uxb34Y1+ xX6JoaQumnQEK/76PTVPrEUTV7FWeEU3soNp6DIY8jwaI9EpdQpLv39dQT4KEoLmO9IUGtOgU0D GPbH9e1IjrAqFhI+ENdQItOoSwl40OWvxO/3VZ+0kJP6emTLo8r6sa3hjkHjkIHXW9T4G9jlSeQ JDUKRTUCq6cUzEO+MA4GUgLn3ND66OfOxbpBVW/QzEmW2rdOAD31DNTqomZB8/11oYdI7K/4Qle TdWwntnZBl726SCqJjNseLpS/8WIPXZIXwIhhpjn7iwRhzg== X-Google-Smtp-Source: AGHT+IF7i+iUZEAnnnro4ZwcQl32R7q8fAUrhz0JprIP4pTd4snl1Yd2z293CE3vGU69as6HrdiLmA== X-Received: by 2002:a17:903:2a83:b0:237:cadf:9aac with SMTP id d9443c01a7336-23e2572ff8amr364863445ad.29.1753187804884; Tue, 22 Jul 2025 05:36:44 -0700 (PDT) Received: from localhost.localdomain ([182.126.128.169]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23e3b60edbasm75740715ad.70.2025.07.22.05.36.42 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 22 Jul 2025 05:36:44 -0700 (PDT) From: Jack Lau X-Google-Original-From: Jack Lau To: ffmpeg-devel@ffmpeg.org Date: Tue, 22 Jul 2025 20:36:05 +0800 Message-ID: <20250722123616.53164-5-jacklau1222@qq.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250722123616.53164-1-jacklau1222@qq.com> References: <20250722123616.53164-1-jacklau1222@qq.com> MIME-Version: 1.0 X-Unsent: 1 Subject: [FFmpeg-devel] [PATCH v5 04/15] WHIP: X509 cert serial number should be positive. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: winlin , Jack Lau Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: From: winlin See RFC5280 4.1.2.2 Signed-off-by: Jack Lau --- libavformat/tls_openssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index 0a7998210f..2689aa5090 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -329,7 +329,8 @@ static int openssl_gen_certificate(EVP_PKEY *pkey, X509 **cert, char **fingerpri goto enomem_end; } - serial = (int)av_get_random_seed(); + // According to RFC5280 4.1.2.2, The serial number MUST be a positive integer + serial = (int)(av_get_random_seed() & 0x7FFFFFFF); if (ASN1_INTEGER_set(X509_get_serialNumber(*cert), serial) != 1) { av_log(NULL, AV_LOG_ERROR, "TLS: Failed to set serial, %s\n", ERR_error_string(ERR_get_error(), NULL)); goto einval_end; -- 2.49.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".