nagios-nrpe-jessie-gbp/debian/patches/0007-Change-dhparam-from-512bits-to-2048bits-to-make-newe.patch

51 lines
1.4 KiB
Diff

From: Ludovic Poujol <lpoujol@evolix.fr>
Date: Thu, 1 Feb 2024 12:58:05 +0100
Subject: Change dhparam from 512bits to 2048bits to make newer nrpe-clients
happy
---
configure | 2 +-
configure.in | 2 +-
src/nrpe.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index 6b9795c..001f22d 100755
--- a/configure
+++ b/configure
@@ -6745,7 +6745,7 @@ _ACEOF
sslbin=$ssldir/bin/openssl
fi
# awk to strip off meta data at bottom of dhparam output
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
fi
fi
diff --git a/configure.in b/configure.in
index 0453f69..74aa81c 100644
--- a/configure.in
+++ b/configure.in
@@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then
sslbin=$ssldir/bin/openssl
fi
# awk to strip off meta data at bottom of dhparam output
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
fi
fi
diff --git a/src/nrpe.c b/src/nrpe.c
index e152118..e1f242c 100644
--- a/src/nrpe.c
+++ b/src/nrpe.c
@@ -266,7 +266,7 @@ int main(int argc, char **argv){
/* use anonymous DH ciphers */
SSL_CTX_set_cipher_list(ctx,"ADH");
- dh=get_dh512();
+ dh=get_dh2048();
SSL_CTX_set_tmp_dh(ctx,dh);
DH_free(dh);
if(debug==TRUE)