Fix for http://bugs.cacert.org/view.php?id=918

"Weak keys in certificates"
11 years ago · b9729ffae1
parent 82b3c5f6a9
commit b9729ffae1
2 changed files with 2 additions and 7 deletions
--- a/includes/keygen.php
+++ b/includes/keygen.php
@ -75,7 +75,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
 			<p style="color:red"><?php
 				printf(_('Please note that RSA key sizes smaller than %d bit '.
 					'will not be accepted by CAcert.'),
-					1024)?>
+					2048)?>
 			</p>
 		</fieldset>

--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@ -137,7 +137,7 @@ function checkWeakKeyText($text)
 			$keysize = intval($keysize[1]);
 		}
 			
-		if ($keysize < 1024)
+		if ($keysize < 2048)
 		{
 			return sprintf(_("The keys that you use are very small ".
 						"and therefore insecure. Please generate stronger ".
@ -145,11 +145,6 @@ function checkWeakKeyText($text)
 						"found in %sthe wiki%s"),
 					"<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
 					"</a>");
-		} elseif ($keysize < 2048) {
-			// not critical but log so we have some statistics about
-			// affected users
-			trigger_error("checkWeakKeyText(): Certificate for small ".
-						"key (< 2048 bit) requested", E_USER_NOTICE);
 		}