Context Navigation

Changeset 5674676 in mod_gnutls

Timestamp:

Dec 3, 2013, 6:49:10 PM (9 years ago)

Author:

Daniel Kahn Gillmor <dkg@…>

Branches:

Children:

9720026

Parents:

9717fe4

git-author:

Daniel Kahn Gillmor <dkg@…> (12/03/13 17:50:07)

git-committer:

Daniel Kahn Gillmor <dkg@…> (12/03/13 18:49:10)

Message:

add SSL_DH_PRIME_BITS to expose the size of the DH modulus to CGI

Files:

-                      r9717fe4
+                      r5674676
 This does not fully reflect the security level since the size of
 RSA or DHE key exchange parameters affect the security level too.
+###### SSL\_DH\_PRIME\_BITS
+The number if bits in the modulus for the DH group, if DHE or static
+DH is used.
+This will not be set if DH is not used.
 ###### SSL\_CIPHER\_EXPORT
 …
 The certificate type can be X.509 or OPENPGP.

-                      r9717fe4
+                      r5674676
 RSA or DHE key exchange parameters affect the security level too.
+`SSL_DH_PRIME_BITS`
+-------------------
+The number if bits in the modulus for the DH group, if DHE or static
+DH is used.
+This will not be set if DH is not used.
 `SSL_CIPHER_EXPORT`
 -------------------

-                      r9717fe4
+                      r5674676
             (key_size <= 40) ? "true" : "false");
+    int dhsize = gnutls_dh_get_prime_bits(ctxt->session);
+    if (dhsize > 0) {
+        tmp = apr_psprintf(r->pool, "%d", dhsize);
+        apr_table_setn(env, "SSL_DH_PRIME_BITS", tmp);
+    }
     len = sizeof (sbuf);
     gnutls_session_get_id(ctxt->session, sbuf, &len);