authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-19 12:15:22 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-19 12:22:40 +0100
commitccdb0059b8a43e8e15b2380e8003e95236cabfa6 (patch)
tree9d4a4856a0e4aa501ac9884ac05dd9d9298719d1
parent7f859555f59b7c36f85afb0fdb74facbd47caeda (diff)
warn on generation of DSA keys of over 1024 bits.
-rw-r--r--src/certtool.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/certtool.c b/src/certtool.c
index b312fca4bf..9da4318121 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -251,14 +251,18 @@ generate_private_key_int (void)
bits = get_bits (key_type);
fprintf (stderr, "Generating a %d bit %s private key...\n",
- get_bits (key_type), gnutls_pk_algorithm_get_name (key_type));
+ bits, gnutls_pk_algorithm_get_name (key_type));
if (info.quick_random == 0)
fprintf (stderr,
"This might take several minutes depending on availability of randomness"
" in /dev/random.\n");
- ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0);
+ if (bits > 1024 && key_type == GNUTLS_PK_DSA)
+ fprintf (stderr,
+ "Note that DSA keys with size over 1024 can only be used with TLS 1.2 or later.\n\n");
+
+ ret = gnutls_x509_privkey_generate (key, key_type,bits, 0);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));