simono41/shellinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use 2048-bit RSA keys for auto-generated certificates.

Browse source 
Security researchers have recommended moving away from 1024-bit
keys for a few years now.
This commit is contained in:
Jay Weisskopf 2012-02-02 00:11:13 -06:00 committed by Marc Singer
parent 85c3a03aec
commit 9cff326327
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
libhttp/ssl.c
View file

@ -364,7 +364,7 @@ static void sslGenerateCertificate(const char *certificate,
umask(077); umask(077);
check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0); check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300", execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
"-newkey", "rsa:1024", "-keyout", certificate, "-out", certificate, "-newkey", "rsa:2048", "-keyout", certificate, "-out", certificate,
"-subj", stringPrintf(NULL, "/CN=%s/", serverName), "-subj", stringPrintf(NULL, "/CN=%s/", serverName),
(char *)NULL); (char *)NULL);
check(0); check(0);