X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=1f0246c0aa8234cf7a454e2842d12e799143644c;hb=9cbd3c2b5b03c29c116a14f196db8a32c7135391;hp=465c9813f69295bcad9b4c5fdc60e0fceba839b7;hpb=c7c5c74d4af7442b92d863fc9eb04395c456b0be;p=tinc

diff --git a/src/tincctl.c b/src/tincctl.c
index 465c9813..1f0246c0 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -446,11 +446,13 @@ static bool rsa_keygen(int bits, bool ask) {
 	// Make sure the key size is a multiple of 8 bits.
 	bits &= ~0x7;
 
-	// Force them to be between 1024 and 8192 bits long.
-	if(bits < 1024)
-		bits = 1024;
-	if(bits > 8192)
-		bits = 8192;
+	// Make sure that a valid key size is used.
+	if(bits < 1024 || bits > 8192) {
+		fprintf(stderr, "Invalid key size %d specified! It should be between 1024 and 8192 bits.\n", bits);
+		return false;
+	} else if(bits < 2048) {
+		fprintf(stderr, "WARNING: generating a weak %d bits RSA key! 2048 or more bits are recommended.\n", bits);
+	}
 
 	fprintf(stderr, "Generating %d bits keys:\n", bits);