author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-05 15:02:48 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-05 15:02:48 +0200 |
commit | e3617dd08019470a7c225e01c14bedd2ada7e52a (patch) | |
tree | 302c0b3deac947e8f3c5d697c7e48954b8e23ba4 | |
parent | 1e338d75555d50af19d9593bc27eb1334159af2a (diff) | |
download | gnutls-e3617dd08019470a7c225e01c14bedd2ada7e52a.tar.gz |
Warn when generating DSA keys of size more than 1024.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | src/certtool.c | 7 |
2 files changed, 7 insertions, 3 deletions
@@ -8,6 +8,9 @@ See the end for copying conditions. ** libgnutls: Correctly deinitialize crypto API functions to prevent a memory leak. Reported by Mads Kiilerich. +certtool: If asked to generate DSA keys of size more than 1024 bits, +issue a warning, that the output key might not be working everywhere. + certtool: The --pkcs-cipher is taken into account when generating a private key. The default cipher used now is aes-128. The old behavior can be simulated by specifying "--pkcs-cipher 3des-pkcs12". diff --git a/src/certtool.c b/src/certtool.c index da81902de0..4ffc721273 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -172,9 +172,10 @@ generate_private_key_int (void) if (info.dsa) { key_type = GNUTLS_PK_DSA; - /* FIXME: Remove me once we depend on 1.3.x */ - if (info.bits > 1024 && gcry_check_version ("1.3.1") == NULL) - info.bits = 1024; + if (info.bits > 1024) + { + fprintf(stderr, "It is suggested for compatibility with other implementations to use DSA keys bit length 1024\n"); + } } else key_type = GNUTLS_PK_RSA; |
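Review bot: The message printed in the new `info.bits > 1024` branch of src/certtool.c reads as advice to choose 1024-bit DSA, which steers users toward the smaller key when the actual concern is interoperability. Word it as a compatibility caveat instead, e.g. `fprintf (stderr, "Warning: DSA keys larger than 1024 bits may not be usable with all implementations\n");`, which also matches the NEWS entry's description of a warning. Separately, the removed lines clamped `info.bits` to 1024 when `gcry_check_version ("1.3.1")` returned NULL, so with an older libgcrypt the oversized request now goes through unchanged. Presumably the build now requires a newer libgcrypt, but that is not visible in this hunk and is worth confirming. The body of generate_private_key_int continues outside the hunk.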