Changeset 5674676 in mod_gnutls


Timestamp:
Dec 3, 2013, 6:49:10 PM (6 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
9720026
Parents:
9717fe4
git-author:
Daniel Kahn Gillmor <dkg@…> (12/03/13 17:50:07)
git-committer:
Daniel Kahn Gillmor <dkg@…> (12/03/13 18:49:10)
Message:

add SSL_DH_PRIME_BITS to expose the size of the DH modulus to CGI

Files:
7 edited

  • docs/manual.mdwn

    r9717fe4 r5674676  
    662662
    663663This does not fully reflect the security level since the size of
    664 
    665664RSA or DHE key exchange parameters affect the security level too.
     665
     666###### SSL\_DH\_PRIME\_BITS
     667
     668The number if bits in the modulus for the DH group, if DHE or static
     669DH is used.
     670
     671This will not be set if DH is not used.
    666672
    667673###### SSL\_CIPHER\_EXPORT
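Review bot: new line 668 reads "The number if bits in the modulus"; this should be "The number of bits in the modulus". It would also help to state that the value is a decimal integer, since scripts comparing it against a minimum group size will parse it as a number.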
     
    727733
    728734The certificate type can be X.509 or OPENPGP.
     735
  • docs/mod_gnutls_manual.mdwn

    r9717fe4 r5674676  
    595595RSA or DHE key exchange parameters affect the security level too.
    596596
     597`SSL_DH_PRIME_BITS`
     598-------------------
     599
     600The number if bits in the modulus for the DH group, if DHE or static
     601DH is used.
     602
     603This will not be set if DH is not used.
     604
    597605`SSL_CIPHER_EXPORT`
    598606-------------------
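Review bot: new line 600 repeats the "number if bits" typo found at line 668 of docs/manual.mdwn; fix both copies together. Because the paragraph is duplicated across the two manuals, any later wording change to SSL_DH_PRIME_BITS has to be made in both files.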
  • src/gnutls_hooks.c

    r9717fe4 r5674676  
    798798            (key_size <= 40) ? "true" : "false");
    799799
     800    int dhsize = gnutls_dh_get_prime_bits(ctxt->session);
     801    if (dhsize > 0) {
     802        tmp = apr_psprintf(r->pool, "%d", dhsize);
     803        apr_table_setn(env, "SSL_DH_PRIME_BITS", tmp);
     804    }
     805
    800806    len = sizeof (sbuf);
    801807    gnutls_session_get_id(ctxt->session, sbuf, &len);
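Review bot: the `dhsize > 0` test at new line 801 treats a negative return from gnutls_dh_get_prime_bits() (an error code) the same as 0 (no DH key exchange), so a CGI script cannot tell a failed lookup from a non-DH handshake. Consider logging the negative case before skipping the variable. Separately, `int dhsize` at new line 800 is declared after statements in the block; if the rest of the function declares its locals at the top, move it there for consistency.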
  • t/data/dump.cgi

    r9717fe4 r5674676  
    1111----SubjectAltName:----
    1212$SSL_CLIENT_S_AN0
     13
     14DH prime bits: $SSL_DH_PRIME_BITS
    1315EOF
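Review bot: `DH prime bits: $SSL_DH_PRIME_BITS` at new line 14 is printed unconditionally, so when the variable is unset the line would end in a trailing space that the expected-output files must reproduce exactly. Printing the line only when the variable is set, or substituting an explicit marker for the unset case, would make the expected files less fragile and make "unset" visible in the test output.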
  • t/tests/12_cgi_variables/gnutls-cli.args

    r9717fe4 r5674676  
    22--x509keyfile=../../client/secret.key
    33--x509cafile=../../authority/x509.pem
    4 --priority=NORMAL
     4--priority=NORMAL:-KX-ALL:+DHE-RSA
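Review bot: replacing `--priority=NORMAL` with `--priority=NORMAL:-KX-ALL:+DHE-RSA` on line 4 means test 12 now exercises the CGI variables only over DHE-RSA, and the default negotiation it used to cover is no longer tested here. A separate test directory for the DHE case would keep the original coverage; failing that, the reason for pinning the key exchange belongs in the commit message.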
  • t/tests/12_cgi_variables/output

    r9717fe4 r5674676  
    88RFC822NAME:test0@modgnutls.test
    99
     10DH prime bits: 2048
     11
    10120
    1113
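Review bot: the expected `DH prime bits: 2048` at new line 10 depends on the DH parameters the test server is configured with, which are not part of this change. A short comment or README entry saying where the 2048-bit group comes from would help whoever next changes the test server's DH parameters.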
  • t/tests/13_cgi_variables_no_client_cert/output

    r9717fe4 r5674676  
    33Content-Type: text/plain
    44
    5 53
     564
    66----Certificate:----
    77
     
    1313
    1414
     15DH prime bits:
     16
    15170
    1618
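Review bot: the empty `DH prime bits:` at new line 15 only holds if the handshake in test 13 does not negotiate a DH key exchange, and this change does not show that test's priority string. If it is plain NORMAL, pinning a non-DH key exchange there would keep the unset case deterministic when the library's defaults change.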