projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
497cc4b
)
-no_dhe option for ssltest.c
author
Bodo Möller
<bodo@openssl.org>
Fri, 3 Sep 1999 16:31:36 +0000
(16:31 +0000)
committer
Bodo Möller
<bodo@openssl.org>
Fri, 3 Sep 1999 16:31:36 +0000
(16:31 +0000)
ssl/ssltest.c
patch
|
blob
|
history
test/testssl
patch
|
blob
|
history
diff --git
a/ssl/ssltest.c
b/ssl/ssltest.c
index f9c96975d4f3586a546cef03b8af39cc3174efce..53a6570df6665fbcf376005c6615373bbfbb4528 100644
(file)
--- a/
ssl/ssltest.c
+++ b/
ssl/ssltest.c
@@
-122,6
+122,9
@@
static void sv_usage(void)
#if !defined NO_DH && !defined NO_DSA
fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
#endif
#if !defined NO_DH && !defined NO_DSA
fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
#endif
+#if !defined NO_DH
+ fprintf(stderr," -no_dhe - disable DHE\n");
+#endif
#ifndef NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
#ifndef NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
@@
-159,7
+162,7
@@
int main(int argc, char *argv[])
int number=1,reuse=0;
long bytes=1L;
SSL_CIPHER *ciph;
int number=1,reuse=0;
long bytes=1L;
SSL_CIPHER *ciph;
- int dhe1024 = 0;
+ int dhe1024 = 0
, no_dhe = 0
;
#ifndef NO_DH
DH *dh;
#endif
#ifndef NO_DH
DH *dh;
#endif
@@
-186,6
+189,8
@@
int main(int argc, char *argv[])
reuse=1;
else if (strcmp(*argv,"-dhe1024") == 0)
dhe1024=1;
reuse=1;
else if (strcmp(*argv,"-dhe1024") == 0)
dhe1024=1;
+ else if (strcmp(*argv,"-no_dhe") == 0)
+ no_dhe=1;
else if (strcmp(*argv,"-ssl2") == 0)
ssl2=1;
else if (strcmp(*argv,"-tls1") == 0)
else if (strcmp(*argv,"-ssl2") == 0)
ssl2=1;
else if (strcmp(*argv,"-tls1") == 0)
@@
-311,33
+316,36
@@
bad:
}
#ifndef NO_DH
}
#ifndef NO_DH
-# ifndef NO_DSA
- if (dhe1024)
+ if (!no_dhe)
{
{
- DSA *dsa;
- unsigned char seed[20];
-
- if (verbose)
+# ifndef NO_DSA
+ if (dhe1024)
{
{
- fprintf(stdout, "Creating 1024 bit DHE parameters ...");
- fflush(stdout);
+ DSA *dsa;
+ unsigned char seed[20];
+
+ if (verbose)
+ {
+ fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+ fflush(stdout);
+ }
+
+ memcpy(seed, "Random String no. 12", 20);
+ dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+ if (verbose)
+ fprintf(stdout, " done\n");
}
}
-
- memcpy(seed, "Random String no. 12", 20);
- dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL);
- dh = DSA_dup_DH(dsa);
- DSA_free(dsa);
- /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-
- if (verbose)
- fprintf(stdout, " done\n");
- }
- else
+ else
# endif
# endif
- dh=get_dh512();
- SSL_CTX_set_tmp_dh(s_ctx,dh);
- DH_free(dh);
+ dh=get_dh512();
+ SSL_CTX_set_tmp_dh(s_ctx,dh);
+ DH_free(dh);
+ }
#endif
#ifndef NO_RSA
#endif
#ifndef NO_RSA
diff --git
a/test/testssl
b/test/testssl
index 255ae5e9768e4e9af65cf0dc353c04deebe44017..5a76bdf7789b217089510e2f425ebabe7f68c9a2 100644
(file)
--- a/
test/testssl
+++ b/
test/testssl
@@
-63,6
+63,9
@@
echo test sslv3 with both client and server authentication via BIO pair
echo test sslv2/sslv3 via BIO pair
./ssltest || exit 1
echo test sslv2/sslv3 via BIO pair
./ssltest || exit 1
+echo test sslv2/sslv3 w/o DHE via BIO pair
+./ssltest -no_dhe || exit 1
+
echo test sslv2/sslv3 with server authentication
./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
echo test sslv2/sslv3 with server authentication
./ssltest -bio_pair -server_auth -CApath ../certs || exit 1