From ab9cd80301d22739dc1d8437b79e92f820d3e0f1 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Fri, 16 Jan 2015 16:46:15 -0800
Subject: [PATCH] httputil: use a random serial number in self-signed certs, not 0

Change-Id: Ifdba7c3efb9bd08e09da883eecdf3ba36dfa3f12
---
 pkg/httputil/certs.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/httputil/certs.go b/pkg/httputil/certs.go
index f3297bea0..3e1f0186d 100644
--- a/pkg/httputil/certs.go
+++ b/pkg/httputil/certs.go
@@ -26,6 +26,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"log"
 	"math/big"
 	"net/http"
 	"runtime"
@@ -59,8 +60,13 @@ func GenSelfTLS(hostname string) (certPEM, keyPEM []byte, err error) {
 	if hostname == "" {
 		hostname = "localhost"
 	}
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		log.Fatalf("failed to generate serial number: %s", err)
+	}
 	template := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(0),
+		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			CommonName:   hostname,
 			Organization: []string{hostname},
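Review bot: The new `log.Fatalf` in the second hunk terminates the whole process from inside a library function that already has an `err error` named result, so a transient failure of the system randomness source takes down any server that calls `GenSelfTLS` instead of letting the caller decide; the check should be `if err != nil { return nil, nil, fmt.Errorf("generating serial number: %v", err) }`, after which the `"log"` import added in the first hunk is no longer needed. The 128-bit limit keeps the serial within RFC 5280's 20-octet bound, which is fine, but the hunk does not show which `rand` package is in scope (its import sits above the first hunk's window) — this is only a real fix if it is `crypto/rand`, so that should be confirmed. `GenSelfTLS` begins and ends outside the hunk.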