BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the

requirement that the serial number always be an even amount of characters.
PR: 248

apps/ca.c

@@ -828,11 +828,16 @@ bad:
 			goto err;
 			}
 		if (verbose)
+			{
+			if (BN_is_zero(serial))
+				BIO_printf(bio_err,"next serial number is 00\n");
+			else
 				{
 				if ((f=BN_bn2hex(serial)) == NULL) goto err;
 				BIO_printf(bio_err,"next serial number is %s\n",f);
 				OPENSSL_free(f);
 				}
+			}
 
 		if ((attribs=CONF_get_section(conf,policy)) == NULL)
 			{
@@ -1728,6 +1733,9 @@ again2:
 		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
 
 	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+	if (BN_is_zero(serial))
+		row[DB_serial]=BUF_strdup("00");
+	else
 		row[DB_serial]=BN_bn2hex(serial);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
@@ -2142,6 +2150,9 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 		row[i]=NULL;
 	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
 	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+	if (BN_is_zero(bn))
+		row[DB_serial]=BUF_strdup("00");
+	else
 		row[DB_serial]=BN_bn2hex(bn);
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))