daemon/tls_ephemeral_credentials nit: improve cert serial

I don't expect this matters, but why not fix this to do what was intended (by the comment). Discovered by Daniel Salzman <daniel.salzman@nic.cz>
author: Vladimír Čunát <vladimir.cunat@nic.cz> 2023-03-06 17:21:50 +0100
committer: Vladimír Čunát <vladimir.cunat@nic.cz> 2023-03-10 10:54:37 +0100
commit: 645c6eb178fb12a8cb736f0fb87c80771e949728 (patch)
tree: 1934af9a90f5e09934cdd4b62b7e26737a75a00d /daemon/tls_ephemeral_credentials.c
parent: Merge !1384: Fix building on Cygwin (diff)
download: knot-resolver-645c6eb178fb12a8cb736f0fb87c80771e949728.tar.xz
knot-resolver-645c6eb178fb12a8cb736f0fb87c80771e949728.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/daemon/tls_ephemeral_credentials.c b/daemon/tls_ephemeral_credentials.c
index 48e8d4a0..23b944f6 100644
--- a/daemon/tls_ephemeral_credentials.c
+++ b/daemon/tls_ephemeral_credentials.c
@@ -159,7 +159,7 @@ static gnutls_x509_crt_t get_ephemeral_cert(gnutls_x509_privkey_t privkey, const
 	uint8_t serial[16];
 	gnutls_rnd(GNUTLS_RND_NONCE, serial, sizeof(serial));
 	/* clear the left-most bit to avoid signedness confusion: */
-	serial[0] &= 0x8f;
+	serial[0] &= 0x7f;
 	size_t namelen = strlen(servicename);
 
 #define gtx(fn, ...)							\
author	Vladimír Čunát <vladimir.cunat@nic.cz>	2023-03-06 17:21:50 +0100
committer	Vladimír Čunát <vladimir.cunat@nic.cz>	2023-03-10 10:54:37 +0100
commit	645c6eb178fb12a8cb736f0fb87c80771e949728 (patch)
tree	1934af9a90f5e09934cdd4b62b7e26737a75a00d /daemon/tls_ephemeral_credentials.c
parent	Merge !1384: Fix building on Cygwin (diff)
download	knot-resolver-645c6eb178fb12a8cb736f0fb87c80771e949728.tar.xz knot-resolver-645c6eb178fb12a8cb736f0fb87c80771e949728.zip