Change dhparam from 512bits to 2048bits to make newer nrpe-clients happy
This commit is contained in:
parent
003e20162b
commit
b988357a7f
50
debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch
vendored
Normal file
50
debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
From: Ludovic Poujol <lpoujol@evolix.fr>
|
||||
Date: Thu, 1 Feb 2024 12:58:05 +0100
|
||||
Subject: Change dhparam from 512bits to 2048bits to make newer nrpe-clients
|
||||
happy
|
||||
|
||||
---
|
||||
configure | 2 +-
|
||||
configure.in | 2 +-
|
||||
src/nrpe.c | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index 6b9795c..001f22d 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -6745,7 +6745,7 @@ _ACEOF
|
||||
sslbin=$ssldir/bin/openssl
|
||||
fi
|
||||
# awk to strip off meta data at bottom of dhparam output
|
||||
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
|
||||
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
|
||||
fi
|
||||
fi
|
||||
|
||||
diff --git a/configure.in b/configure.in
|
||||
index 0453f69..74aa81c 100644
|
||||
--- a/configure.in
|
||||
+++ b/configure.in
|
||||
@@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then
|
||||
sslbin=$ssldir/bin/openssl
|
||||
fi
|
||||
# awk to strip off meta data at bottom of dhparam output
|
||||
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
|
||||
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
|
||||
fi
|
||||
fi
|
||||
|
||||
diff --git a/src/nrpe.c b/src/nrpe.c
|
||||
index e152118..e1f242c 100644
|
||||
--- a/src/nrpe.c
|
||||
+++ b/src/nrpe.c
|
||||
@@ -266,7 +266,7 @@ int main(int argc, char **argv){
|
||||
|
||||
/* use anonymous DH ciphers */
|
||||
SSL_CTX_set_cipher_list(ctx,"ADH");
|
||||
- dh=get_dh512();
|
||||
+ dh=get_dh2048();
|
||||
SSL_CTX_set_tmp_dh(ctx,dh);
|
||||
DH_free(dh);
|
||||
if(debug==TRUE)
|
1
debian/patches/series
vendored
1
debian/patches/series
vendored
|
@ -4,3 +4,4 @@
|
|||
06_pid_directory.dpatch
|
||||
07_warn_ssloption.dpatch
|
||||
09_noremove_pid.dpatch
|
||||
0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch
|
||||
|
|
Loading…
Reference in a new issue