Re Rr. Martin's question of 6/23/2008 ... "... is it also in the code
when you don't use the conf entry":
Yes (and No). The code uses a default value of 512 (as per documentation).
Attached are two files:
defbits-2048b.patch changes #define DEFAULT_KEY_LENGTH in code to 2048
openssl-default-bits-2048-r2.patch combines the above into Mr.
Chamberlain's original patch
Either apply the latter, or apply both Mr. Chamberlain's and the former.
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -103,7 +103,7 @@
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/apps/req.c b/apps/req.c
--- a/apps/req.c
+++ b/apps/req.c
@@ -99,7 +99,7 @@
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define DEFAULT_KEY_LENGTH 512
+#define DEFAULT_KEY_LENGTH 2048
#define MIN_KEY_LENGTH 384
#undef PROG
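Review bot: MIN_KEY_LENGTH is left at 384 in the context line directly under the changed define, so the default moves to 2048 while the floor named by that macro stays far below the old default of 512. If the goal is to stop weak RSA keys being produced by accident, consider raising "#define MIN_KEY_LENGTH 384" in the same series, or state in the commit message that the minimum is intentionally left alone for compatibility.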
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -506,16 +506,16 @@
Create a private key and then generate a certificate request from it:
- openssl genrsa -out key.pem 1024
+ openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem
The same but just using req:
- openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
Generate a self signed root certificate:
- openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
Example of a file pointed to by the B<oid_file> option:
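Review bot: Only the example commands in req.pod are updated here, and the later two req.pod hunks touch only the sample configuration files. The cover note says the documentation gives 512 as the built-in default, so the text that describes the default for default_bits also needs a hunk changing it to 2048; otherwise the man page will contradict the new "#define DEFAULT_KEY_LENGTH 2048" in apps/req.c.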
@@ -531,7 +531,7 @@
Sample configuration file prompting for field values:
[ req ]
- default_bits = 1024
+ default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -572,7 +572,7 @@
RANDFILE = $ENV::HOME/.rnd
[ req ]
- default_bits = 1024
+ default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/apps/req.c b/apps/req.c
--- a/apps/req.c
+++ b/apps/req.c
@@ -99,7 +99,7 @@
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define DEFAULT_KEY_LENGTH 512
+#define DEFAULT_KEY_LENGTH 2048
#define MIN_KEY_LENGTH 384
#undef PROG
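Review bot: This apps/req.c hunk is identical to the one already carried in the combined patch above (same "@@ -99,7 +99,7 @@" position, same define), so applying it on top of the combined patch will be rejected as already applied. Since the cover note intends the two files as alternatives, post them as clearly separated attachments or drop the stand-alone one. Note also that applied with only the original patch it changes the compiled default without any documentation change for that default.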