From b9729ffae1700556e50a372dec481bd11d18ae1d Mon Sep 17 00:00:00 2001
From: Wytze van der Raay <wytze@cacert.org>
Date: Wed, 16 Oct 2013 10:44:30 +0000
Subject: [PATCH] Fix for http://bugs.cacert.org/view.php?id=918 "Weak keys in
 certificates"

---
 includes/keygen.php             | 2 +-
 includes/lib/check_weak_key.php | 7 +------
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/includes/keygen.php b/includes/keygen.php
index 09ec7f9..2713a81 100644
--- a/includes/keygen.php
+++ b/includes/keygen.php
@@ -75,7 +75,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
 			<p style="color:red"><?php
 				printf(_('Please note that RSA key sizes smaller than %d bit '.
 					'will not be accepted by CAcert.'),
-					1024)?>
+					2048)?>
 			</p>
 		</fieldset>
 
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index ca13ba2..217b885 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -137,7 +137,7 @@ function checkWeakKeyText($text)
 			$keysize = intval($keysize[1]);
 		}
 			
-		if ($keysize < 1024)
+		if ($keysize < 2048)
 		{
 			return sprintf(_("The keys that you use are very small ".
 						"and therefore insecure. Please generate stronger ".
@@ -145,11 +145,6 @@ function checkWeakKeyText($text)
 						"found in %sthe wiki%s"),
 					"<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
 					"</a>");
-		} elseif ($keysize < 2048) {
-			// not critical but log so we have some statistics about
-			// affected users
-			trigger_error("checkWeakKeyText(): Certificate for small ".
-						"key (< 2048 bit) requested", E_USER_NOTICE);
 		}