Changeset

2424:27ffa6521d4e

mod_s2s_keysize_policy: Lower log message to a warning since it is not really a fatal error
author Kim Alvefur <zash@zash.se>
date Mon, 19 Dec 2016 07:50:21 +0100
parents 2423:1b6027ef5191
children 2425:26c68a5f432f
files mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua	Mon Dec 19 07:49:40 2016 +0100
+++ b/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua	Mon Dec 19 07:50:21 2016 +0100
@@ -28,7 +28,7 @@
 		if key_size < ( weak_key_size[key_type] or 0 ) then
 			local issued = parse_x509_datetime(cert:notbefore());
 			if issued > weak_key_cutoff then
-				session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type);
+				session.log("warn", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type);
 				session.cert_chain_status = "invalid";
 				session.cert_identity_status = "invalid";
 			else