[openssl-commits] [openssl] master update

Emilia Kasper emilia at openssl.org
Fri Feb 12 13:14:41 UTC 2016

The branch master has been updated
       via  a76265574398944d686d2d0de9bacca162f555ca (commit)
      from  04f171c09624cd2e9c00152a30cb22637c694ac1 (commit)

- Log -----------------------------------------------------------------
commit a76265574398944d686d2d0de9bacca162f555ca
Author: Emilia Kasper <emilia at openssl.org>
Date:   Tue Feb 2 17:12:45 2016 +0100

    RT 3854: Update apps/req
    Change the default keysize to 2048 bits, and the minimum to 512 bits.
    Reviewed-by: Rich Salz <rsalz at openssl.org>


Summary of changes:
 apps/req.c       | 4 ++--
 doc/apps/req.pod | 9 ++++++---
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 3ced170..66bcabc 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -89,8 +89,8 @@
 #define STRING_MASK     "string_mask"
 #define UTF8_IN         "utf8"
-#define DEFAULT_KEY_LENGTH      512
-#define MIN_KEY_LENGTH          384
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512
 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
                     int attribs, unsigned long chtype);
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 9593dec..12a0687 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -324,9 +324,12 @@ configuration file values.
 =item B<default_bits>
-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
+Specifies the default key size in bits.
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.
 =item B<default_keyfile>

More information about the openssl-commits mailing list