提交 ab220967 编写于 作者: G Giuseppe Scrivano

security: fix DH key generation when FIPS mode is on

When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
specified as the prime's number of bits, a bigger value works in both
cases.
Signed-off-by: NGiuseppe Scrivano <gscrivan@redhat.com>
上级 5bb47e0c
...@@ -43,7 +43,7 @@ ...@@ -43,7 +43,7 @@
#include "virthread.h" #include "virthread.h"
#include "configmake.h" #include "configmake.h"
#define DH_BITS 1024 #define DH_BITS 2048
#define LIBVIRT_PKI_DIR SYSCONFDIR "/pki" #define LIBVIRT_PKI_DIR SYSCONFDIR "/pki"
#define LIBVIRT_CACERT LIBVIRT_PKI_DIR "/CA/cacert.pem" #define LIBVIRT_CACERT LIBVIRT_PKI_DIR "/CA/cacert.pem"
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册