@@ -632,21 +632,28 @@ static int pv_validity(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)

 static int get_sn(str* res, int* ires, int local, sip_msg_t* msg)

 {

-	static char buf[INT2STR_MAX_LEN];

+	static char buf[80]; // handle 256-bits log(2^256,10)

 	X509* cert;

 	struct tcp_connection* c;

 	char* sn;

-	int num;

+	BIGNUM* bn;

 	if (get_cert(&cert, &c, msg, local) < 0) return -1;

-	num = ASN1_INTEGER_get(X509_get_serialNumber(cert));

-	sn = int2str(num, &res->len);

+	bn = BN_new();

+	ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), bn);

+	sn = BN_bn2dec(bn);

+	res->len = strlen(sn);

 	memcpy(buf, sn, res->len);

 	res->s = buf;

-	if (ires) *ires = num;

+

+	// cannot store serial number in int size var

+	// if (ires) *ires = num;

 	if (!local) X509_free(cert);

 	tcpconn_put(c);

+

+	BN_free(bn);

+	OPENSSL_free(sn);

 	return 0;

 }

@@ -678,12 +685,13 @@ static int pv_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)

 		BUG("could not determine certificate\n");

 		return pv_get_null(msg, param, res);

 	}

-	

-	if (get_sn(&res->rs, &res->ri, local, msg) < 0) {

+

+	// serial no can be > 2^64 cannot store in res->ri

+	if (get_sn(&res->rs, NULL, local, msg) < 0) {

 		return pv_get_null(msg, param, res);

 	}

-	res->flags = PV_VAL_STR | PV_VAL_INT;

+	res->flags = PV_VAL_STR;

 	return 0;

 }