Longer default PKCS keys

[silc.git] / apps / silcd / serverconfig.c

diff --git a/apps/silcd/serverconfig.c b/apps/silcd/serverconfig.c
index 30d76af3516cae4c81cbb60a718e938cc66fadf3..187f5e9855a538b4b5c188d3fa0a0541ecbfee68 100644 (file)
--- a/apps/silcd/serverconfig.c
+++ b/apps/silcd/serverconfig.c
@@ -2,9 +2,10 @@
 
   serverconfig.c
 
-  Author: Giovanni Giacobbi <giovanni@giacobbi.net>
+  Authors: Giovanni Giacobbi <giovanni@giacobbi.net>
+           Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 1997 - 2007 Pekka Riikonen
+  Copyright (C) 1997 - 2014 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -655,6 +656,14 @@ SILC_CONFIG_CALLBACK(fetch_serverinfo)
       SILC_SERVER_LOG_ERROR(("Error: Could not load private key file."));
       return SILC_CONFIG_EPRINTLINE;
     }
+
+    /* Warn if key length is < 4096 (some versions created 4095 bit keys). */
+    if (silc_pkcs_private_key_get_len(server_info->private_key) < 4095) {
+      fprintf(stderr,
+              "warning: Your server private key %s length is under 4096 bits. "
+             "It is recommended to use at least 4096 bits. Consider "
+             "generating a new server key pair.\n", file_tmp);
+    }
   }
   else
     return SILC_CONFIG_EINTERNAL;
@@ -1542,7 +1551,7 @@ SilcServerConfig silc_server_config_alloc(const char *filename,
                               silc_config_strerror(ret)));
       linebuf = silc_config_read_line(file, line);
       if (linebuf) {
-       SILC_SERVER_LOG_ERROR(("  file %s line %lu:  %s\n", filename,
+       SILC_SERVER_LOG_ERROR(("  file %s line %u:  %s\n", filename,
                               line, linebuf));
        silc_free(linebuf);
       }
@@ -1870,7 +1879,7 @@ silc_server_config_find_client(SilcServer server, char *host)
     return NULL;
 
   for (client = config->clients; client; client = client->next) {
-    if (client->host && !silc_string_compare(client->host, host))
+    if (client->host && !silc_string_match(client->host, host))
       continue;
     break;
   }
@@ -1898,11 +1907,11 @@ silc_server_config_find_admin(SilcServer server, char *host, char *user,
     nick = "*";
 
   for (admin = config->admins; admin; admin = admin->next) {
-    if (admin->host && !silc_string_compare(admin->host, host))
+    if (admin->host && !silc_string_match(admin->host, host))
       continue;
-    if (admin->user && !silc_string_compare(admin->user, user))
+    if (admin->user && !silc_string_match(admin->user, user))
       continue;
-    if (admin->nick && !silc_string_compare(admin->nick, nick))
+    if (admin->nick && !silc_string_match(admin->nick, nick))
       continue;
     /* no checks failed -> this entry matches */
     break;
@@ -1925,7 +1934,7 @@ silc_server_config_find_denied(SilcServer server, char *host)
     return NULL;
 
   for (deny = config->denied; deny; deny = deny->next) {
-    if (deny->host && !silc_string_compare(deny->host, host))
+    if (deny->host && !silc_string_match(deny->host, host))
       continue;
     break;
   }
@@ -1950,7 +1959,7 @@ silc_server_config_find_server_conn(SilcServer server, char *host)
     return NULL;
 
   for (serv = config->servers; serv; serv = serv->next) {
-    if (!silc_string_compare(serv->host, host))
+    if (!silc_string_match(serv->host, host))
       continue;
     break;
   }
@@ -1974,7 +1983,7 @@ silc_server_config_find_router_conn(SilcServer server, char *host, int port)
     return NULL;
 
   for (serv = config->routers; serv; serv = serv->next) {
-    if (!silc_string_compare(serv->host, host))
+    if (!silc_string_match(serv->host, host))
       continue;
     if (port && serv->port && serv->port != port)
       continue;
@@ -2001,7 +2010,7 @@ silc_server_config_find_backup_conn(SilcServer server, char *host)
   for (serv = config->routers; serv; serv = serv->next) {
     if (!serv->backup_router)
       continue;
-    if (!silc_string_compare(serv->host, host))
+    if (!silc_string_match(serv->host, host))
       continue;
     break;
   }