Commit 3908cdf4 authored by Dr. Stephen Henson

New option -dhparam to s_server to allow the DH parameter file to be set

explicitly. Previously it couldn't be changed because it was hard coded as
"server.pem".
parent 3ea23631
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) New option -dhparam in s_server. This allows a DH parameter file to be
     stated explicitly. If it is not stated then it tries the first server
     certificate file. The previous behaviour hard coded the filename
     "server.pem".
     [Steve Henson]

  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
     a public key to be input or output. For example:
     openssl rsa -in key.pem -pubout -out pubkey.pem
+13 −8
@@ -108,7 +108,7 @@ static void sv_usage(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp,SSL_CTX *ctx);
#ifndef NO_DH
static DH *load_dh_param(void );
static DH *load_dh_param(char *dhfile);
static DH *get_dh512(void);
#endif
#ifdef MONOLITH
@@ -160,8 +160,6 @@ static int accept_socket= -1;
#undef PROG
#define PROG		s_server_main

#define DH_PARAM	"server.pem"

extern int verify_depth;

static char *cipher=NULL;
@@ -217,10 +215,12 @@ static void sv_usage(void)
	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
	BIO_printf(bio_err," -key arg      - RSA file to use, PEM format assumed, in cert file if\n");
	BIO_printf(bio_err," -key arg      - Private Key file to use, PEM format assumed, in cert file if\n");
	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
#endif
@@ -406,6 +406,7 @@ int MAIN(int argc, char *argv[])
	short port=PORT;
	char *CApath=NULL,*CAfile=NULL;
	char *context = NULL;
	char *dhfile = NULL;
	int badop=0,bugs=0;
	int ret=1;
	int off=0;
@@ -483,6 +484,11 @@ int MAIN(int argc, char *argv[])
			if (--argc < 1) goto bad;
			s_key_file= *(++argv);
			}
		else if	(strcmp(*argv,"-dhparam") == 0)
			{
			if (--argc < 1) goto bad;
			dhfile = *(++argv);
			}
		else if	(strcmp(*argv,"-dcert") == 0)
			{
			if (--argc < 1) goto bad;
@@ -643,8 +649,7 @@ bad:
#ifndef NO_DH
	if (!no_dhe)
		{
		/* EAY EAY EAY evil hack */
		dh=load_dh_param();
		dh=load_dh_param(dhfile ? dhfile : s_cert_file);
		if (dh != NULL)
			{
			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -1076,12 +1081,12 @@ static int init_ssl_connection(SSL *con)
	}

#ifndef NO_DH
static DH *load_dh_param(void)
static DH *load_dh_param(char *dhfile)
	{
	DH *ret=NULL;
	BIO *bio;

	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
	if ((bio=BIO_new_file(dhfile,"r")) == NULL)
		goto err;
	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
err:
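Review bot: When -dhparam names a file that cannot be opened or contains no DHparams block, the new call `dh=load_dh_param(dhfile ? dhfile : s_cert_file);` returns NULL and the server carries on exactly as if no file had been requested; an explicitly given parameter file that fails to load should be fatal rather than a silent fallback. The `get_dh512` prototype kept in the first hunk suggests that fallback is a built-in 512-bit group, so a mistyped path would quietly downgrade the key exchange with no message to the operator. I would add directly after the call `if (dh == NULL && dhfile != NULL) { BIO_printf(bio_err,"Unable to load DH parameters from %s\n",dhfile); ERR_print_errors(bio_err); goto end; }`, jumping to whatever error exit MAIN already uses, since the else branch and the remainder of the function lie outside the hunk. `load_dh_param` itself cannot distinguish a missing file from a malformed one, so the caller's check is the right place to report it, and the OpenSSL error queue populated by `BIO_new_file`/`PEM_read_bio_DHparams` will carry the detail.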