author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-03-19 12:15:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-03-19 12:22:40 +0100 |
commit | ccdb0059b8a43e8e15b2380e8003e95236cabfa6 (patch) | |
tree | 9d4a4856a0e4aa501ac9884ac05dd9d9298719d1 | |
parent | 7f859555f59b7c36f85afb0fdb74facbd47caeda (diff) | |
download | gnutls-ccdb0059b8a43e8e15b2380e8003e95236cabfa6.tar.gz |
warn on generation of DSA keys of over 1024 bits.
-rw-r--r-- | src/certtool.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/certtool.c b/src/certtool.c
index b312fca4bf..9da4318121 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -251,14 +251,18 @@ generate_private_key_int (void)
 bits = get_bits (key_type);
 fprintf (stderr, "Generating a %d bit %s private key...\n",
- get_bits (key_type), gnutls_pk_algorithm_get_name (key_type));
+ bits, gnutls_pk_algorithm_get_name (key_type));
 if (info.quick_random == 0) fprintf (stderr, "This might take several minutes depending on availability of randomness" " in /dev/random.\n");
- ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0);
+ if (bits > 1024 && key_type == GNUTLS_PK_DSA)
+ fprintf (stderr,
+ "Note that DSA keys with size over 1024 can only be used with TLS 1.2 or later.\n\n");
+
+ ret = gnutls_x509_privkey_generate (key, key_type,bits, 0);
 if (ret < 0) error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret)); |
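Review bot: The new note on the `bits > 1024 && key_type == GNUTLS_PK_DSA` branch states the TLS 1.2 restriction without the reason or an alternative, so a user who must support older peers is likely to read it as advice to drop to 1024-bit DSA, which is the weaker key. I would put the reason in a comment above the check, `/* before TLS 1.2, DSA signatures are fixed to SHA-1, which pairs only with 1024-bit keys (160-bit q) */`, and have the message say "over 1024 bits" and point to RSA for peers that cannot negotiate TLS 1.2. The rewritten call also lost the space after a comma; `ret = gnutls_x509_privkey_generate (key, key_type, bits, 0);` matches the spacing used in the rest of the hunk. generate_private_key_int starts and ends outside the hunk, so the declaration of `bits`, and whether `%d` matches its type, cannot be checked from here.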