RT 3854: Update apps/req

Change the default keysize to 2048 bits, and the minimum to 512 bits.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper 2016-02-02 17:12:45 +01:00
parent 04f171c096
commit a762655743
2 changed files with 8 additions and 5 deletions

View File

@ -89,8 +89,8 @@
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
#define MIN_KEY_LENGTH 384
#define MIN_KEY_LENGTH 512
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
int attribs, unsigned long chtype);

View File

@ -324,9 +324,12 @@ configuration file values.
=item B<default_bits>
This specifies the default key size in bits. If not specified then
512 is used. It is used if the B<-new> option is used. It can be
overridden by using the B<-newkey> option.
Specifies the default key size in bits.
This option is used in conjunction with the B<-new> option to generate
a new key. It can be overridden by specifying an explicit key size in
the B<-newkey> option. The smallest accepted key size is 512 bits. If
no key size is specified then 2048 bits is used.
=item B<default_keyfile>