bugfix #562: ldns-keygen DSA key max size is 1024

Thanks Peter Koch.

diff --git a/Changelog b/Changelog
index 77f20738dfd24463f11d8234fb44962975844e76..5acde1811b1ae8b851c50b64046b0c6f70611371 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -8,6 +8,8 @@ TBD
        * -e option makes ldns-compare-zones exit with status code 2 on difference
        * Filter out specified RR types with ldns-read-zone -e and -E options
        * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
+       * bugfix #562: ldns-keygen match DSA key maximum size with library.
+         Thanks Peter Koch.
 
 1.6.17 2014-01-10
        * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a

diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index 316d60d77740d4ed1e6ce3d5d7220607b37a502b..5cb5accb7bd1fa91fdaf9ca1537a49285e16c94f 100644 (file)
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -140,7 +140,7 @@ main(int argc, char *argv[])
                }
                break;
        case LDNS_SIGN_DSA:
-               if (bits < 512 || bits > 4096) {
+               if (bits < 512 || bits > 1024) {
                        fprintf(stderr, "For DSA, the key size must be between ");
                        fprintf(stderr, " 512 and 1024 bytes. Aborting.\n");
                        exit(1);