mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

New option -dhparam to s_server to allow the DH parameter file to be set

Browse Source 
explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
This commit is contained in:
Dr. Stephen Henson 1999-10-04 23:56:06 +00:00
parent 3ea23631d4
commit 3908cdf442
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -4,6 +4,12 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) New option -dhparam in s_server. This allows a DH parameter file to be
stated explicitly. If it is not stated then it tries the first server
certificate file. The previous behaviour hard coded the filename
"server.pem".
[Steve Henson]
*) Add -pubin and -pubout options to the rsa and dsa commands. These allow
a public key to be input or output. For example:
openssl rsa -in key.pem -pubout -out pubkey.pem

21
apps/s_server.c
View File

@ -108,7 +108,7 @@ static void sv_usage(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp,SSL_CTX *ctx);
#ifndef NO_DH
static DH *load_dh_param(void );
static DH *load_dh_param(char *dhfile);
static DH *get_dh512(void);
#endif
#ifdef MONOLITH
@ -160,8 +160,6 @@ static int accept_socket= -1;
#undef PROG
#define PROG s_server_main
#define DH_PARAM "server.pem"
extern int verify_depth;
static char *cipher=NULL;
@ -217,10 +215,12 @@ static void sv_usage(void)
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
BIO_printf(bio_err," or a default set of parameters is used\n");
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
@ -406,6 +406,7 @@ int MAIN(int argc, char *argv[])
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
char *dhfile = NULL;
int badop=0,bugs=0;
int ret=1;
int off=0;
@ -483,6 +484,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
s_key_file= *(++argv);
}
else if (strcmp(*argv,"-dhparam") == 0)
{
if (--argc < 1) goto bad;
dhfile = *(++argv);
}
else if (strcmp(*argv,"-dcert") == 0)
{
if (--argc < 1) goto bad;
@ -643,8 +649,7 @@ bad:
#ifndef NO_DH
if (!no_dhe)
{
/* EAY EAY EAY evil hack */
dh=load_dh_param();
dh=load_dh_param(dhfile ? dhfile : s_cert_file);
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@ -1076,12 +1081,12 @@ static int init_ssl_connection(SSL *con)
}
#ifndef NO_DH
static DH *load_dh_param(void)
static DH *load_dh_param(char *dhfile)
{
DH *ret=NULL;
BIO *bio;
if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
if ((bio=BIO_new_file(dhfile,"r")) == NULL)
goto err;
ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
err: