commit 2d35731399890316610e85d7a7aea41529b1fea9
Author: Alexander Barton 
Date:   Tue Jun 28 13:48:33 2011 +0200

    GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime

    For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e.

    This patch enables ngIRCd to accept incoming connections from other servers
    and clients that use at least 1024 bits (and no longer requires 2048 for
    incoming connections, too).

    Patch proposed by Florian Westphal.

diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 7630420dad36bfa46e2dbb0590e382055f3d7979..
index ..ffb1b104e5f57e961565fe1c941edf8cae9b0d68 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -52,9 +52,10 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
 #include 

 #define DH_BITS 2048
+#define DH_BITS_MIN 1024
+
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
-
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif

@@ -426,7 +427,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
 		ConnSSL_Free(c);
 		return false;
 	}
-	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS);
+	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
 #endif
 	Conn_OPTION_ADD(c, CONN_SSL);
 	return true;
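Review bot: The minimum passed to `gnutls_dh_set_prime_bits()` drops to 1024 bits for every session that goes through ConnSSL_Init_SSL, and nothing in this hunk restricts it to incoming connections as the commit message describes. According to the GnuTLS documentation, this call sets the smallest DH prime a client will accept from its peer, so if the function also runs for outgoing server links (its callers are outside the hunk) those links would now accept a 1024-bit group, which is generally considered too small to resist precomputation against commonly used primes. I would keep `DH_BITS` on the outgoing path, or make the minimum configurable with 2048 as the default. The two macros in the first hunk also need comments saying which is the generated size and which is the accepted minimum, e.g. `#define DH_BITS_MIN 1024 /* smallest peer DH prime accepted; kept low for interoperability only */`. ConnSSL_Init_SSL begins and ends outside the hunk.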
