-no_dhe option for ssltest.c
authorBodo Möller <bodo@openssl.org>
Fri, 3 Sep 1999 16:31:36 +0000 (16:31 +0000)
committerBodo Möller <bodo@openssl.org>
Fri, 3 Sep 1999 16:31:36 +0000 (16:31 +0000)
ssl/ssltest.c
test/testssl

index f9c96975d4f3586a546cef03b8af39cc3174efce..53a6570df6665fbcf376005c6615373bbfbb4528 100644 (file)
@@ -122,6 +122,9 @@ static void sv_usage(void)
 #if !defined NO_DH && !defined NO_DSA
        fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
 #endif
 #if !defined NO_DH && !defined NO_DSA
        fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
 #endif
+#if !defined NO_DH
+       fprintf(stderr," -no_dhe       - disable DHE\n");
+#endif
 #ifndef NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
 #ifndef NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
@@ -159,7 +162,7 @@ int main(int argc, char *argv[])
        int number=1,reuse=0;
        long bytes=1L;
        SSL_CIPHER *ciph;
        int number=1,reuse=0;
        long bytes=1L;
        SSL_CIPHER *ciph;
-       int dhe1024 = 0;
+       int dhe1024 = 0, no_dhe = 0;
 #ifndef NO_DH
        DH *dh;
 #endif
 #ifndef NO_DH
        DH *dh;
 #endif
@@ -186,6 +189,8 @@ int main(int argc, char *argv[])
                        reuse=1;
                else if (strcmp(*argv,"-dhe1024") == 0)
                        dhe1024=1;
                        reuse=1;
                else if (strcmp(*argv,"-dhe1024") == 0)
                        dhe1024=1;
+               else if (strcmp(*argv,"-no_dhe") == 0)
+                       no_dhe=1;
                else if (strcmp(*argv,"-ssl2") == 0)
                        ssl2=1;
                else if (strcmp(*argv,"-tls1") == 0)
                else if (strcmp(*argv,"-ssl2") == 0)
                        ssl2=1;
                else if (strcmp(*argv,"-tls1") == 0)
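Review bot: The new `-no_dhe` branch is accepted alongside `-dhe1024` without any diagnostic, and the later `if (!no_dhe)` block means `-no_dhe` silently wins and the 1024-bit parameter generation is skipped. In a test driver that can hide a misconfigured invocation, so a one-line warning after option parsing would help, for example `if (no_dhe && dhe1024) fprintf(stderr, "-dhe1024 ignored: -no_dhe given\n");`. The branch is also compiled when `NO_DH` is defined, although the usage text added in `sv_usage` is guarded by `#if !defined NO_DH`; there the flag is parsed and then never read. The option loop and the rest of `main` lie outside this hunk.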
@@ -311,33 +316,36 @@ bad:
                }
 
 #ifndef NO_DH
                }
 
 #ifndef NO_DH
-# ifndef NO_DSA
-       if (dhe1024) 
+       if (!no_dhe)
                {
                {
-               DSA *dsa;
-               unsigned char seed[20];
-
-               if (verbose)
+# ifndef NO_DSA
+               if (dhe1024) 
                        {
                        {
-                       fprintf(stdout, "Creating 1024 bit DHE parameters ...");
-                       fflush(stdout);
+                       DSA *dsa;
+                       unsigned char seed[20];
+                       
+                       if (verbose)
+                               {
+                               fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+                               fflush(stdout);
+                               }
+                       
+                       memcpy(seed, "Random String no. 12", 20);
+                       dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
+                       dh = DSA_dup_DH(dsa);   
+                       DSA_free(dsa);
+                       /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+                       SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+                       
+                       if (verbose)
+                               fprintf(stdout, " done\n");
                        }
                        }
-
-               memcpy(seed, "Random String no. 12", 20);
-               dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
-               dh = DSA_dup_DH(dsa);   
-               DSA_free(dsa);
-               /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
-               SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-
-               if (verbose)
-                       fprintf(stdout, " done\n");
-               }
-       else
+               else
 # endif
 # endif
-               dh=get_dh512();
-       SSL_CTX_set_tmp_dh(s_ctx,dh);
-       DH_free(dh);
+                       dh=get_dh512();
+               SSL_CTX_set_tmp_dh(s_ctx,dh);
+               DH_free(dh);
+               }
 #endif
 
 #ifndef NO_RSA
 #endif
 
 #ifndef NO_RSA
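Review bot: In the re-indented `dhe1024` branch the result of `DSA_generate_parameters()` goes straight into `DSA_dup_DH(dsa)`, and `dh` goes straight into `SSL_CTX_set_tmp_dh(s_ctx,dh)`, with neither checked for NULL. A failed parameter generation or allocation would then show up as a crash, or as a context without DH parameters, instead of a clean test failure. Since the block is being touched anyway, add a NULL check on `dsa` before the dup and on `dh` before it is installed, e.g. `if (dh == NULL) { /* report and take main's error exit */ }`; the error exit of `main` is outside this hunk. As far as the hunk shows, `-no_dhe` works only by not installing temporary DH parameters and does not change the cipher list, which deserves a comment on `if (!no_dhe)` such as `/* no tmp DH params installed => server cannot pick DHE suites */`.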
index 255ae5e9768e4e9af65cf0dc353c04deebe44017..5a76bdf7789b217089510e2f425ebabe7f68c9a2 100644 (file)
@@ -63,6 +63,9 @@ echo test sslv3 with both client and server authentication via BIO pair
 echo test sslv2/sslv3 via BIO pair
 ./ssltest || exit 1
 
 echo test sslv2/sslv3 via BIO pair
 ./ssltest || exit 1
 
+echo test sslv2/sslv3 w/o DHE via BIO pair
+./ssltest -no_dhe || exit 1
+
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
 
 echo test sslv2/sslv3 with server authentication
 ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
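Review bot: The added test is announced as "w/o DHE via BIO pair", but the command is `./ssltest -no_dhe` without `-bio_pair`, the flag the server-authentication line just below does pass. If the BIO-pair path is what this case is meant to exercise, the line should read `./ssltest -bio_pair -no_dhe || exit 1`; otherwise drop "via BIO pair" from the echo text. The context line above it (`./ssltest || exit 1` under the "via BIO pair" label) appears to have the same mismatch, which the new line copies.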