Commit Diff

Commit:
2d35731399890316610e85d7a7aea41529b1fea9
From:
Alexander Barton <alex@barton.de>
Date:
Message:
GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e. This patch enables ngIRCd to accept incoming connections from other servers and clients that use at least 1024 bits (and no longer requires 2048 for incoming connections, too). Patch proposed by Florian Westphal.
Actions:
Patch | Tree
commit - 7ae7ace579915dc023722f733f30e941d371cab3
commit + 2d35731399890316610e85d7a7aea41529b1fea9
blob - 7630420dad36bfa46e2dbb0590e382055f3d7979
blob + ffb1b104e5f57e961565fe1c941edf8cae9b0d68
--- src/ngircd/conn-ssl.c
+++ src/ngircd/conn-ssl.c
@@ -52,9 +52,10 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL
 #include <gnutls/x509.h>
 
 #define DH_BITS 2048
+#define DH_BITS_MIN 1024
+
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
-
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif
 
@@ -426,7 +427,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
 		ConnSSL_Free(c);
 		return false;
 	}
-	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS);
+	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
 #endif
 	Conn_OPTION_ADD(c, CONN_SSL);
 	return true;