ecdsa cert feature gated by global allow_ecdsa_256bit_certs

2023-03-02 09:43:19 -08:00 · 2023-03-02 09:43:19 -08:00 · 830f42770e
parent f2ae4c30d0
commit 830f42770e
1 changed files with 4 additions and 2 deletions
--- a/src/switch_core_cert.c
+++ b/src/switch_core_cert.c
@ -365,8 +365,10 @@ SWITCH_DECLARE(switch_bool_t) switch_core_check_dtls_pem(const char *file)
 	}

 	bits = EVP_PKEY_bits(pkey);
-	min_cert_size_bits = EVP_PKEY_EC == EVP_PKEY_id(pkey) ? 256 : 4096;
-
+	min_cert_size_bits = 4096;
+	if (switch_true(switch_core_get_variable("allow_ecdsa_256bit_certs")) && EVP_PKEY_EC == EVP_PKEY_id(pkey)) {
+	    min_cert_size_bits = 256;
+	}
 	EVP_PKEY_free(pkey);

 	if (bits < min_cert_size_bits) {