From f5194409037e494d0f8768f5d28996cbc0250011 Mon Sep 17 00:00:00 2001
From: Philipp Hancke
Date: Thu, 4 Feb 2021 14:20:27 +0100
Subject: [PATCH] fix weak self-signed certificates

increases the size of the self-signed key/certificate to 2048 bytes. Recent versions of OpenSSL refuse to use certificates with 1024 byte RSA signatures.
---
 src/tls/openssl/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index 85e2fd41..8cee258b 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -258,7 +258,7 @@ int tls_set_selfsigned(struct tls *tls, const char *cn)
 goto out;
 BN_set_word(bn, RSA_F4);
- if (!RSA_generate_key_ex(rsa, 1024, bn, NULL))
+ if (!RSA_generate_key_ex(rsa, 2048, bn, NULL))
 goto out;
 key = EVP_PKEY_new();
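Review bot: The new size on the `RSA_generate_key_ex` line is a bare literal whose unit is bits, while the commit message speaks of bytes. A short comment such as `/* RSA modulus size in bits; recent OpenSSL refuses 1024-bit keys */`, or a named constant like `enum { SELFSIGNED_RSA_BITS = 2048 };`, would keep the next reader from misreading it or lowering it again. The context line above it ignores the result of `BN_set_word(bn, RSA_F4)`, which returns 0 on failure; `if (!BN_set_word(bn, RSA_F4)) goto out;` would match the error handling of the surrounding lines. tls_set_selfsigned starts and ends outside this hunk, so the cleanup at `out` is not visible here.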