Implement support for serial files

fixes #7393

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index ac9adf1f98be1a32f0ced0f9012f8c35f8c6e921..56c75c53c7276d820f61397afeb698e1ce2f1979 100644 (file)
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -22,6 +22,7 @@
 #include "base/logger.hpp"
 #include "base/context.hpp"
 #include "base/application.hpp"
+#include <fstream>
 
 namespace icinga
 {
@@ -369,7 +370,6 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
 shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *issuer, EVP_PKEY *cakey, bool ca, const String& serialfile)
 {
        X509 *cert = X509_new();
-       ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
        X509_gmtime_adj(X509_get_notBefore(cert), 0);
        X509_gmtime_adj(X509_get_notAfter(cert), 365 * 24 * 60 * 60 * 30);
        X509_set_pubkey(cert, pubkey);
@@ -377,6 +377,28 @@ shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *iss
        X509_set_subject_name(cert, subject);
        X509_set_issuer_name(cert, issuer);
 
+       if (!serialfile.IsEmpty()) {
+               int serial = 0;
+
+               std::ifstream ifp;
+               ifp.open(serialfile.CStr());
+               ifp >> std::hex >> serial;
+               ifp.close();
+
+               if (ifp.fail())
+                       BOOST_THROW_EXCEPTION(std::runtime_error("Could not read serial file."));
+
+               std::ofstream ofp;
+               ofp.open(serialfile.CStr());
+               ofp << std::hex << serial + 1;
+               ofp.close();
+
+               if (ofp.fail())
+                       BOOST_THROW_EXCEPTION(std::runtime_error("Could not update serial file."));
+
+               ASN1_INTEGER_set(X509_get_serialNumber(cert), serial);
+       }
+
        if (ca) {
                X509_EXTENSION *ext;
                X509V3_CTX ctx;