Change dhparam from 512bits to 2048bits to make newer nrpe-clients happy

debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch

@@ -0,0 +1,50 @@
+From: Ludovic Poujol <lpoujol@evolix.fr>
+Date: Thu, 1 Feb 2024 12:58:05 +0100
+Subject: Change dhparam from 512bits to 2048bits to make newer nrpe-clients
+ happy
+
+---
+ configure    | 2 +-
+ configure.in | 2 +-
+ src/nrpe.c   | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure b/configure
+index 6b9795c..001f22d 100755
+--- a/configure
++++ b/configure
+@@ -6745,7 +6745,7 @@ _ACEOF
+ 				sslbin=$ssldir/bin/openssl
+ 			fi
+ 			# awk to strip off meta data at bottom of dhparam output
+-			$sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
++			$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
+ 		fi
+ 	fi
+ 
+diff --git a/configure.in b/configure.in
+index 0453f69..74aa81c 100644
+--- a/configure.in
++++ b/configure.in
+@@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then
+ 				sslbin=$ssldir/bin/openssl
+ 			fi
+ 			# awk to strip off meta data at bottom of dhparam output
+-			$sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
++			$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
+ 		fi
+ 	fi
+ 
+diff --git a/src/nrpe.c b/src/nrpe.c
+index e152118..e1f242c 100644
+--- a/src/nrpe.c
++++ b/src/nrpe.c
+@@ -266,7 +266,7 @@ int main(int argc, char **argv){
+ 
+ 		/* use anonymous DH ciphers */
+ 		SSL_CTX_set_cipher_list(ctx,"ADH");
+-		dh=get_dh512();
++		dh=get_dh2048();
+ 		SSL_CTX_set_tmp_dh(ctx,dh);
+ 		DH_free(dh);
+ 		if(debug==TRUE)

debian/patches/series

@@ -4,3 +4,4 @@
 06_pid_directory.dpatch
 07_warn_ssloption.dpatch
 09_noremove_pid.dpatch
+0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch