security: fix DH key generation when FIPS mode is on

When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
specified as the prime's number of bits, a bigger value works in both
cases.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 31aac9d4fb55b53e21206dccbad6591e4678e310..947038dc38e30bbc90d6faccd185f9f11d82142d 100644 (file)
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -43,7 +43,7 @@
 #include "virthread.h"
 #include "configmake.h"
 
-#define DH_BITS 1024
+#define DH_BITS 2048
 
 #define LIBVIRT_PKI_DIR SYSCONFDIR "/pki"
 #define LIBVIRT_CACERT LIBVIRT_PKI_DIR "/CA/cacert.pem"