[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_0-8-ge3617d

From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_0-8-ge3617dd
Date: Mon, 05 Jul 2010 13:03:10 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

The branch, gnutls_2_10_x has been updated
       via  e3617dd08019470a7c225e01c14bedd2ada7e52a (commit)
      from  1e338d75555d50af19d9593bc27eb1334159af2a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e3617dd08019470a7c225e01c14bedd2ada7e52a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 5 15:02:48 2010 +0200

    Warn when generating DSA keys of size more than 1024.


Summary of changes:
 NEWS           |    3 +++
 src/certtool.c |    7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index aaf4226..4c4a6a9 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ See the end for copying conditions.
 ** libgnutls: Correctly deinitialize crypto API functions to prevent
 a memory leak. Reported by Mads Kiilerich.
+certtool: If asked to generate DSA keys of size more than 1024 bits,
+issue a warning, that the output key might not be working everywhere.
 certtool: The --pkcs-cipher is taken into account when generating a
 private key. The default cipher used now is aes-128. The old behavior can
 be simulated by specifying "--pkcs-cipher 3des-pkcs12".
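
Review bot: The added certtool entry mentions only the new warning and not the behaviour change made alongside it in src/certtool.c, where the reduction of info.bits to 1024 (applied when gcry_check_version ("1.3.1") returned NULL) is dropped. Users on such a setup will now get a key of the size they asked for, so the entry should say so, for example "DSA keys larger than 1024 bits are now generated as requested, with a warning that they may not work with other implementations". The phrasing "issue a warning, that the output key might not be working everywhere" could also be tightened to "issue a warning that the resulting key may not work with all implementations".
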
diff --git a/src/certtool.c b/src/certtool.c
index da81902..4ffc721 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -172,9 +172,10 @@ generate_private_key_int (void)
   if (info.dsa)
       key_type = GNUTLS_PK_DSA;
-      /* FIXME: Remove me once we depend on 1.3.x */
-      if (info.bits > 1024 && gcry_check_version ("1.3.1") == NULL)
-       info.bits = 1024;
+      if (info.bits > 1024)
+        {
+          fprintf(stderr, "It is suggested for compatibility with other 
implementations to use DSA keys bit length 1024\n");
+        }
     key_type = GNUTLS_PK_RSA;
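
Review bot: Removing the clamp under the FIXME ("Remove me once we depend on 1.3.x") is only safe if the build now requires libgcrypt 1.3.x or later, and nothing in this commit shows that requirement being raised. With an older libgcrypt, a request with info.bits > 1024 used to be reduced to 1024 and is now passed through unchanged, so please confirm the minimum version or keep the gcry_check_version ("1.3.1") guard. On the added fprintf: the message does not identify itself as a warning or state the requested size, so something like "Warning: DSA keys larger than 1024 bits (%d requested) may not be usable with other implementations" with info.bits as the argument would be clearer. The call also lacks the space before the parenthesis that the removed line uses in gcry_check_version ("1.3.1"), and the braces around the single statement can go.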
