]> git.ipfire.org Git - thirdparty/FORT-validator.git/commitdiff
projects / thirdparty / FORT-validator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3412087)
Downgrade the "modulus too long" error to warning.
authorAlberto Leiva Popper <ydahhrk@gmail.com>
Fri, 3 Feb 2023 17:56:22 +0000 (11:56 -0600)
committerAlberto Leiva Popper <ydahhrk@gmail.com>
Fri, 3 Feb 2023 17:56:22 +0000 (11:56 -0600)
Mirrors the new public key code's small forward compatibility gimmic
in the old code.

src/object/certificate.c patch | blob | blame | history

diff --git a/src/object/certificate.c b/src/object/certificate.c
index 377f5199003ecf186ba46392070568d36960ed4c..c6f61efdcecd9915bc2e2d5fd67fb9de190f2c92 100644 (file)
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -391,9 +391,12 @@ validate_subject_public_key(X509_PUBKEY *pubkey)
                return val_crypto_err("EVP_PKEY_get0_RSA() returned NULL");
 
        modulus = RSA_bits(rsa);
-       if (modulus != MODULUS)
+       if (modulus < MODULUS)
                return pr_val_err("Certificate's subjectPublicKey (RSAPublicKey) modulus is %d bits, not %d bits.",
                    modulus, MODULUS);
+       if (modulus > MODULUS)
+               pr_val_warn("Certificate's subjectPublicKey (RSAPublicKey) modulus lengths %d bits, not %d bits",
+                   modulus, MODULUS);
 
        RSA_get0_key(rsa, NULL, &exp, NULL);
        if (exp == NULL)
Mirror of https://github.com/NICMx/FORT-validator.git