httputil: use a random serial number in self-signed certs, not 0

Change-Id: Ifdba7c3efb9bd08e09da883eecdf3ba36dfa3f12
2015-01-16 16:46:15 -08:00 · 2015-01-16 16:46:15 -08:00 · ab9cd80301
parent 00b18d99d4
commit ab9cd80301
1 changed files with 7 additions and 1 deletions
--- a/pkg/httputil/certs.go
+++ b/pkg/httputil/certs.go
@ -26,6 +26,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"log"
 	"math/big"
 	"net/http"
 	"runtime"
@ -59,8 +60,13 @@ func GenSelfTLS(hostname string) (certPEM, keyPEM []byte, err error) {
 	if hostname == "" {
 		hostname = "localhost"
 	}
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		log.Fatalf("failed to generate serial number: %s", err)
+	}
 	template := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(0),
+		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			CommonName:   hostname,
 			Organization: []string{hostname},