#include "virthread.h"
#include "configmake.h"
-#define DH_BITS 2048
-
#define LIBVIRT_PKI_DIR SYSCONFDIR "/pki"
#define LIBVIRT_CACERT LIBVIRT_PKI_DIR "/CA/cacert.pem"
#define LIBVIRT_CACRL LIBVIRT_PKI_DIR "/CA/cacrl.pem"
* security requirements.
*/
if (isServer) {
+ unsigned int bits = 0;
+
+ bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM);
+ if (bits == 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
+ _("Unable to get key length for diffie-hellman parameters"));
+ goto error;
+ }
+
err = gnutls_dh_params_init(&ctxt->dhParams);
if (err < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
gnutls_strerror(err));
goto error;
}
- err = gnutls_dh_params_generate2(ctxt->dhParams, DH_BITS);
+ err = gnutls_dh_params_generate2(ctxt->dhParams, bits);
if (err < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Unable to generate diffie-hellman parameters: %s"),
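Review bot: The only validation on the result of `gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM)` is `bits == 0`, so the size passed to `gnutls_dh_params_generate2()` is now whatever the linked GnuTLS maps MEDIUM to, with no lower bound and no record of the value chosen. That mapping belongs to the library and may differ between GnuTLS releases (not verifiable from this hunk), so a server could end up with a different group size than the 2048 bits the removed `DH_BITS` fixed. Consider logging the selected size just before generation, e.g. `VIR_DEBUG("Generating DH parameters with %u bits", bits);` (assuming this file already uses the logging macros), and, if a floor is intended, failing when `bits` is below a named minimum. The `= 0` initializer on `bits` is redundant because the variable is assigned in the next statement. The enclosing function starts and ends outside this hunk.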