From 0bf9d23a4725651521637b031ca4eaebf34fc260 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 11 Sep 2020 13:02:15 +0200
Subject: Newer versions of Qt do not accept 1024bit RSA keys ... and helpfully do not print any kind of warning or error. Instead, accepting SSL connections just silently fails. Isn't this wonderful?
---
 src/server/net/certmanager.cpp | 4 ++--
 src/server/net/sslserver.cpp | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/server/net/certmanager.cpp b/src/server/net/certmanager.cpp
index a503088..5d8d824 100644
--- a/src/server/net/certmanager.cpp
+++ b/src/server/net/certmanager.cpp
@@ -99,8 +99,8 @@ static void generateFiles(QString& key, QString& cert)
 remove(key.toLocal8Bit().data());
 remove(cert.toLocal8Bit().data());
 snprintf(tmp, 1000,
- "openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -subj '/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org' -keyout \"%s\" -out \"%s\"",
- key.toLocal8Bit().data(), cert.toLocal8Bit().data());
+ "openssl req -x509 -nodes -days 5000 -newkey rsa:4096 -subj '/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org' -keyout \"%s\" -out \"%s\"",
+ key.toLocal8Bit().data(), cert.toLocal8Bit().data());
 system(tmp);
 snprintf(tmp, 1000, "chmod 0600 \"%s\" \"%s\"", key.toLocal8Bit().data(), cert.toLocal8Bit().data());
 system(tmp);
diff --git a/src/server/net/sslserver.cpp b/src/server/net/sslserver.cpp
index d968834..b2da034 100644
--- a/src/server/net/sslserver.cpp
+++ b/src/server/net/sslserver.cpp
@@ -57,7 +57,7 @@ void SslServer::incomingConnection(qintptr socketDescriptor)
 static int certFails = 0;
 QSslKey key;
 QSslCertificate cert;
- if (!CertManager::getPrivateKeyAndCert("manager", key, cert)) {
+ if (!CertManager::getPrivateKeyAndCert("manager2", key, cert)) {
 if (++certFails > 5) {
 CertManager::fatal();
 }
-- 
cgit v1.2.3-55-g7522
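Review bot: The return value of both `system(tmp)` calls in generateFiles() is still ignored, so a missing openssl binary or an unwritable target directory fails just as silently as the Qt behaviour the commit message complains about. The command is also assembled as a shell string with the two paths only wrapped in double quotes, so a path containing `"`, `$` or a backtick would be interpreted by the shell, and snprintf into the 1000-byte buffer can truncate a long pair of paths. Passing an argument list to QProcess (assuming the file can include `<QProcess>` and `<QFile>`) avoids the shell entirely and yields an exit code to check, and QFile::setPermissions can replace the chmod shell-out. The body of generateFiles() starts and ends outside the hunk, so the declaration of tmp and anything that follows the second system() call are not visible here.

```cpp
// … unchanged: remove() of the old key and cert files …
const QStringList args = {
	"req", "-x509", "-nodes", "-days", "5000", "-newkey", "rsa:4096",
	"-subj", "/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org",
	"-keyout", key, "-out", cert
};
const int rc = QProcess::execute("openssl", args);
if (rc != 0) {
	qWarning("openssl failed (exit code %d), no key/cert generated", rc);
	return;
}
// Restrict both files to the owner without going through a shell.
if (!QFile::setPermissions(key, QFile::ReadOwner | QFile::WriteOwner)
		|| !QFile::setPermissions(cert, QFile::ReadOwner | QFile::WriteOwner)) {
	qWarning("could not restrict permissions on generated key/cert");
}
```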
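Review bot: The literal `"manager2"` in incomingConnection() carries a key-rotation meaning that nothing in the code records: it presumably makes getPrivateKeyAndCert() use a fresh file pair so an existing 1024-bit "manager" key is never loaded, but the next reader sees only a magic string. A comment such as `// "manager2": name bumped so old 1024-bit "manager" key/cert are ignored and regenerated` above the call would document that. As far as the hunk shows, the superseded key and certificate files stay on disk and clients are presented with a new self-signed certificate after the upgrade, so it is worth confirming that nothing pins the old one and that the stale private key gets removed. The function body continues past the end of the hunk.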