update serial number to a valid non-zero number in ca certificate (#117791)

* update serial number to a valid non-zero number in ca certificate * fix the existing problem (0 SerialNumber in all certificate) as part of this PR in a separate commit
2023-05-09 06:34:08 -07:00
parent 9e9ec8f62c
commit e865b30abd
5 changed files with 34 additions and 10 deletions
--- a/test/integration/client/cert_rotation_test.go
+++ b/test/integration/client/cert_rotation_test.go
@@ -183,10 +183,12 @@ func writeCerts(t *testing.T, clientSigningCert *x509.Certificate, clientSigning
 		t.Fatal(err)
 	}

-	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
 	if err != nil {
 		t.Fatal(err)
 	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))

 	certTmpl := x509.Certificate{
 		Subject: pkix.Name{