tomcat-dev mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1587896 - in /tomcat/native/branches/1.1.x: native/src/ssl.c xdocs/miscellaneous/changelog.xml
Date Wed, 16 Apr 2014 18:50:01 GMT
Mladen,

On 4/16/14, 8:52 AM, mturk@apache.org wrote:
> Author: mturk
> Date: Wed Apr 16 12:52:16 2014
> New Revision: 1587896
> 
> URL: http://svn.apache.org/r1587896
> Log:
> Fix Bz56396. Be tolerant on RSA keys < 1024 bits
> 
> Modified:
>     tomcat/native/branches/1.1.x/native/src/ssl.c
>     tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
> 
> Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
> URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1587896&r1=1587895&r2=1587896&view=diff
> ==============================================================================
> --- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
> +++ tomcat/native/branches/1.1.x/native/src/ssl.c Wed Apr 16 12:52:16 2014
> @@ -221,6 +221,14 @@ static const jint supported_ssl_opts = 0
>  
>  static int ssl_tmp_key_init_rsa(int bits, int idx)
>  {
> +#ifdef OPENSSL_FIPS
> +    /**
> +     * With FIPS mode short RSA keys cannot be
> +     * generated.
> +     */
> +    if (bits < 1024)
> +        return 0;
> +#endif
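Review bot: the new `if (bits < 1024) return 0;` guard under `#ifdef OPENSSL_FIPS` silently skips temporary RSA key generation without any log line, and the hunk does not show whether callers of `ssl_tmp_key_init_rsa()` distinguish this 0 from a genuine key-generation failure; suggest either logging that the key was skipped because FIPS mode does not allow RSA keys shorter than 1024 bits, or changing the call site so that sub-1024-bit keys are never requested and the guard is unnecessary. Minor: the `/** ... */` comment form is normally reserved for API documentation; a plain `/* ... */` block fits an in-body remark like this one.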

Why not fix this by removing the actual call to
ssl_tmp_key_init_rsa(512) instead of modifying the behavior of the function?

-chris

