Fix man page and OSCP script: tls_serial_{n} is decimal

Commit 7d5e26cbb5 fixed extracting serial but did not change the format, which always has been decimal. This patch fixes the manpage and OSCP.sh script to conform with the implementation. Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1396001222-5033-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/8409 Signed-off-by: Gert Doering <gert@greenie.muc.de>
2024-09-19 19:42:30 +02:00 · 2014-03-28 11:07:01 +01:00 · 2014-03-28 11:07:01 +01:00 · 959d60789b
commit 959d60789b
parent cdbd56ceea
2 changed files with 4 additions and 4 deletions
--- a/contrib/OCSP_check/OCSP_check.sh
+++ b/contrib/OCSP_check/OCSP_check.sh
@ -97,7 +97,7 @@ if [ $check_depth -eq -1 ] || [ $cur_depth -eq $check_depth ]; then
                    "$nonce" \
                    -CAfile "$verify" \
                    -url "$ocsp_url" \
-                    -serial "0x${serial}" 2>/dev/null)
+                    -serial "${serial}" 2>/dev/null)

    if [ $? -eq 0 ]; then
      # check that it's good
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@ -6094,9 +6094,9 @@ where
 is the verification level.  Only set for TLS connections.  Set prior
 to execution of
 .B \-\-tls-verify
-script. This is in the form of a hex string like "37AB46E0", which is
-suitable for doing serial-based OCSP queries (with OpenSSL, you have
-to prepend "0x" to the string). If something goes wrong while reading
+script. This is in the form of a decimal string like "933971680", which is
+suitable for doing serial-based OCSP queries (with OpenSSL, do not
+prepend "0x" to the string) If something goes wrong while reading
 the value from the certificate it will be an empty string, so your
 code should check that.
 See the contrib/OCSP_check/OCSP_check.sh script for an example.