Never call load_dh_param(NULL) because this leads to an illegal

fopen(NULL).

diff --git a/CHANGES b/CHANGES
index 744eaafb15c4475af1644ad68cd34f9c1bb1087b..2e3e2ab9b8ae7fbd09218e29a11220dfc32cb2a1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
   *) Add engine application.  It can currently list engines by name and
      identity, and test if they are actually available.
      [Richard Levitte]

diff --git a/apps/s_server.c b/apps/s_server.c
index 61a77dff1159c3bd3275f001921780c0e847eefe..7b6a2b0a2d6c3e1715deb41059284d26b4f8b817 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -416,9 +416,6 @@ int MAIN(int argc, char *argv[])
        int state=0;
        SSL_METHOD *meth=NULL;
        ENGINE *e=NULL;
-#ifndef NO_DH
-       DH *dh=NULL;
-#endif
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
        meth=SSLv23_server_method();
@@ -682,7 +679,13 @@ bad:
 #ifndef NO_DH
        if (!no_dhe)
                {
-               dh=load_dh_param(dhfile ? dhfile : s_cert_file);
+               DH *dh=NULL;
+
+               if (dhfile)
+                       dh = load_dh_param(dhfile);
+               else if (s_cert_file)
+                       dh = load_dh_param(s_cert_file);
+
                if (dh != NULL)
                        {
                        BIO_printf(bio_s_out,"Setting temp DH parameters\n");