From 3908cdf442e3394ee7fa52b46d8715796ca5ea6a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 4 Oct 1999 23:56:06 +0000 Subject: [PATCH] New option -dhparam to s_server to allow the DH parameter file to be set explicitly. Previously it couldn't be changed because it was hard coded as "server.pem". --- CHANGES | 6 ++++++ apps/s_server.c | 21 +++++++++++++-------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 4e9fef40c1..8ee6b2ea11 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) New option -dhparam in s_server. This allows a DH parameter file to be + stated explicitly. If it is not stated then it tries the first server + certificate file. The previous behaviour hard coded the filename + "server.pem". + [Steve Henson] + *) Add -pubin and -pubout options to the rsa and dsa commands. These allow a public key to be input or output. For example: openssl rsa -in key.pem -pubout -out pubkey.pem diff --git a/apps/s_server.c b/apps/s_server.c index da0f2ff116..ca22b2f2ca 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -108,7 +108,7 @@ static void sv_usage(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp,SSL_CTX *ctx); #ifndef NO_DH -static DH *load_dh_param(void ); +static DH *load_dh_param(char *dhfile); static DH *get_dh512(void); #endif #ifdef MONOLITH @@ -160,8 +160,6 @@ static int accept_socket= -1; #undef PROG #define PROG s_server_main -#define DH_PARAM "server.pem" - extern int verify_depth; static char *cipher=NULL; @@ -217,10 +215,12 @@ static void sv_usage(void) BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); + BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); + BIO_printf(bio_err," or a default set of parameters is used\n"); #ifdef FIONBIO BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); #endif @@ -406,6 +406,7 @@ int MAIN(int argc, char *argv[]) short port=PORT; char *CApath=NULL,*CAfile=NULL; char *context = NULL; + char *dhfile = NULL; int badop=0,bugs=0; int ret=1; int off=0; @@ -483,6 +484,11 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_key_file= *(++argv); } + else if (strcmp(*argv,"-dhparam") == 0) + { + if (--argc < 1) goto bad; + dhfile = *(++argv); + } else if (strcmp(*argv,"-dcert") == 0) { if (--argc < 1) goto bad; @@ -643,8 +649,7 @@ bad: #ifndef NO_DH if (!no_dhe) { - /* EAY EAY EAY evil hack */ - dh=load_dh_param(); + dh=load_dh_param(dhfile ? dhfile : s_cert_file); if (dh != NULL) { BIO_printf(bio_s_out,"Setting temp DH parameters\n"); @@ -1076,12 +1081,12 @@ static int init_ssl_connection(SSL *con) } #ifndef NO_DH -static DH *load_dh_param(void) +static DH *load_dh_param(char *dhfile) { DH *ret=NULL; BIO *bio; - if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL) + if ((bio=BIO_new_file(dhfile,"r")) == NULL) goto err; ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); err: -- 2.34.1