(parent: ecdd17c)
s4:tls: Fix generating TLS RSA certs with FIPS140-2
author Andreas Schneider <asn@samba.org> Fri, 13 Mar 2020 14:32:27 +0000 (15:32 +0100)
committer Andreas Schneider <asn@cryptomilk.org> Wed, 8 Apr 2020 13:02:39 +0000 (13:02 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
source4/lib/tls/tlscert.c
diff --git
a/source4/lib/tls/tlscert.c
b/source4/lib/tls/tlscert.c
index 9379ab094d1bd6e0bc53a8dfadda3305296fbffc..36482e3aaaf2285ad1f304d8db2cb8ac01b7112f 100644
(file)
--- a/
source4/lib/tls/tlscert.c
+++ b/
source4/lib/tls/tlscert.c
@@
-29,7
+29,9
@@
#define CA_NAME "Samba - temporary autogenerated CA certificate"
#define UNIT_NAME "Samba - temporary autogenerated HOST certificate"
#define LIFETIME 700*24*60*60
-#define RSA_BITS 4096
+
+/* FIPS140-2 only allows 2048 or 3072 prime sizes. */
+#define RSA_BITS gnutls_fips140_mode_enabled() ? 3072 : 4096
/*
auto-generate a set of self signed certificates
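Review bot: The new `RSA_BITS` definition expands to a bare conditional expression, `gnutls_fips140_mode_enabled() ? 3072 : 4096`, with no enclosing parentheses, so any use inside a larger expression would bind to the neighbouring operators instead of being evaluated as a unit. Please wrap the whole expansion in parentheses. The macro also changes from a compile-time constant to a function call that is re-evaluated at every use; reading the mode once into a local variable in the certificate generation function would make that explicit and guarantee that every key in one run gets the same size. Finally, the comment speaks of "prime sizes" while the macro is named `RSA_BITS`; it would help to say whether 2048 and 3072 refer to the RSA key (modulus) length, and why 3072 rather than 2048 was chosen for FIPS mode.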