[glib-networking] gnutls: override minimum key length
- From: Dan Winship <danw src gnome org>
- To: commits-list gnome org
- Cc: 
- Subject: [glib-networking] gnutls: override minimum key length
- Date: Sat,  6 Aug 2011 00:06:43 +0000 (UTC)
commit cbe4ab7294afc4afca0d8d1f9562e973ca8a1810
Author: Dan Winship <danw gnome org>
Date:   Fri Aug 5 20:04:03 2011 -0400
    gnutls: override minimum key length
    
    By default, gnutls requires server keys to be a reasonable size and
    will return an error rather than connecting to a server with an
    insecurely small key. But other TLS libraries don't do this, and some
    web servers (especially embedded ones) use small keys. So bump down
    the limit.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=652284
 tls/gnutls/gtlsconnection-gnutls.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 48e05d6..da3f76e 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -253,6 +253,11 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
       return FALSE;
     }
 
+  /* Some servers (especially on embedded devices) use tiny keys that
+   * gnutls will reject by default. We want it to accept them.
+   */
+  gnutls_dh_set_prime_bits (gnutls->priv->session, 256);
+
   gnutls_transport_set_push_function (gnutls->priv->session,
 				      g_tls_connection_gnutls_push_func);
   gnutls_transport_set_pull_function (gnutls->priv->session,
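Review bot: the unconditional gnutls_dh_set_prime_bits (gnutls->priv->session, 256) added in this hunk lowers the accepted Diffie-Hellman modulus to a size that offers no meaningful security for the ephemeral key exchange, and it does so for every connection glib-networking makes with no way for a caller to opt out. The comment above it talks about "tiny keys", but this call only sets the minimum DH prime size that a client session will accept in DHE and anonymous-DH cipher suites (gnutls otherwise fails the handshake with GNUTLS_E_DH_PRIME_UNACCEPTABLE); it does not relax any check on the size of the server's certificate key, so the comment should say which parameter is being relaxed and why. Rather than hard-coding 256 for all sessions, consider leaving the library default in place and exposing the override per connection (for example through a GTlsConnection property that callers who must reach embedded devices can set), or at least keep a floor that is still computationally meaningful, and reference the bug (https://bugzilla.gnome.org/show_bug.cgi?id=652284) in the comment so the trade-off is documented at the call site.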