
Added RSA_KEY_BITS_2048 option

Paul-Louis Ageneau 4 years ago
parent
commit
cb71695364
2 changed files with 15 additions and 1 deletions
  1. 6 0
      CMakeLists.txt
  2. 9 1
      src/certificate.cpp

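--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,6 +11,7 @@ option(NO_WEBSOCKET "Disable WebSocket support" OFF)
 option(NO_EXAMPLES "Disable examples" OFF)
 option(NO_TESTS "Disable tests build" OFF)
 option(WARNINGS_AS_ERRORS "Treat warnings as errors" OFF)
+option(RSA_KEY_BITS_2048 "Use 2048-bit RSA key instead of 3072-bit" OFF)
 option(CAPI_STDCALL "Set calling convention of C API callbacks stdcall" OFF)
 # Option USE_SRTP defaults to AUTO (enabled if libSRTP is found, else disabled)
 set(USE_SRTP AUTO CACHE STRING "Use libSRTP and enable media support")
@@ -229,6 +230,11 @@ else()
 	target_link_libraries(datachannel-static PRIVATE LibJuice::LibJuiceStatic)
 endif()
 
+if(RSA_KEY_BITS_2048)
+	target_compile_definitions(datachannel PUBLIC RSA_KEY_BITS_2048)
+	target_compile_definitions(datachannel-static PUBLIC RSA_KEY_BITS_2048)
+endif()
+
 if(CAPI_STDCALL)
 	target_compile_definitions(datachannel PUBLIC CAPI_STDCALL)
 	target_compile_definitions(datachannel-static PUBLIC CAPI_STDCALL)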
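Review bot: The help text on the added `option(...)` line describes only the size swap, not that enabling it is a deliberate security downgrade; suggest `option(RSA_KEY_BITS_2048 "Use 2048-bit RSA keys (~112-bit security) instead of the 3072-bit default; faster key generation, weaker keys" OFF)` so anyone flipping it understands the trade-off. The "3072-bit" figure matches the OpenSSL literal introduced in this commit, whereas the GnuTLS default is computed from `GNUTLS_SEC_PARAM_HIGH`, so the wording is exact for only one backend. The definition is exported `PUBLIC` like `CAPI_STDCALL`, but as far as this commit shows the macro is consumed only inside `src/certificate.cpp`, so `PRIVATE` would keep an unprefixed macro out of every consumer's compile line; if a public header does read it, `PUBLIC` is the right choice.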

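--- a/src/certificate.cpp
+++ b/src/certificate.cpp
@@ -99,7 +99,11 @@ certificate_ptr make_certificate_impl(string commonName) {
 	unique_ptr<gnutls_x509_crt_t, decltype(&free_crt)> crt(new_crt(), free_crt);
 	unique_ptr<gnutls_x509_privkey_t, decltype(&free_privkey)> privkey(new_privkey(), free_privkey);
 
+#ifdef RSA_KEY_BITS_2048
+	const int bits = 2048;
+#else
 	const unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_HIGH);
+#endif
 	gnutls::check(gnutls_x509_privkey_generate(*privkey, GNUTLS_PK_RSA, bits, 0),
 	              "Unable to generate key pair");
 
@@ -190,7 +194,11 @@ certificate_ptr make_certificate_impl(string commonName) {
 	if (!x509 || !pkey || !rsa || !exponent || !serial_number || !name)
 		throw std::runtime_error("Unable allocate structures for certificate generation");
 
-	const int bits = 4096;
+#ifdef RSA_KEY_BITS_2048
+	const int bits = 2048;
+#else
+	const int bits = 3072;
+#endif
 	const unsigned int e = 65537; // 2^16 + 1
 
 	if (!pkey || !rsa || !exponent || !BN_set_word(exponent.get(), e) ||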
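Review bot: The `#else` branch of the OpenSSL hunk lowers the default RSA key size from 4096 to 3072 bits, a behaviour change the commit title ("Added RSA_KEY_BITS_2048 option") does not mention and the code does not explain; it deserves a line in the message and a comment at `const int bits = 3072;`. 3072-bit RSA is the ~128-bit-security level and 2048 is ~112 bits, so a comment such as `// 3072-bit RSA (~128-bit security); RSA_KEY_BITS_2048 trades that for faster key generation (~112-bit)` would record the trade-off — the motivation is presumably key-generation latency for per-session self-signed certificates, which is worth confirming in the message. In the GnuTLS hunk the two branches declare `bits` with different types (`const int` versus the original `const unsigned int`, which is what `gnutls_x509_privkey_generate` takes); writing `const unsigned int bits = 2048;` keeps the branches consistent and avoids a possible sign-conversion warning under `WARNINGS_AS_ERRORS`. The GnuTLS default is derived from `GNUTLS_SEC_PARAM_HIGH` rather than a literal, so the two backends may not agree on the default size. `make_certificate_impl` begins and ends outside both hunks.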