Overview
Comment: | Updated references to DH parameter bit sizes and ensure error messages are printed if generating fails entirely |
---|---|
SHA1: | 83b1dea4d46e2bd47d767d3c3ce468ec |
User & Date: | rkeene on 2017-04-18 14:29:27 |
Context
2017-04-18
14:39 | Updated gen_dh_params to support specifying a number of bits -- currently the only supported value is 2048 check-in: b128e0d4e4 user: rkeene tags: trunk | |
14:29 | Updated references to DH parameter bit sizes and ensure error messages are printed if generating fails entirely check-in: 83b1dea4d4 user: rkeene tags: trunk | |
2016-12-17
15:43 | Integrated -autoservername feature (addresses [0d4541b86d]) check-in: 42735119d8 user: rkeene tags: trunk | |
Changes
Modified gen_dh_params
from [78d63b562d]
to [045a249871].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | + | #! /usr/bin/env sh bits='2048' openssl_dhparam() { if [ -x "`which openssl 2>/dev/null`" ]; then o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1 o_output="`echo "${o_output}" | sed 's/get_dh[0-9]\+/get_dhParams/'`" || return 1 o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1 echo "${o_output}" return 0 fi |
︙ | |||
32 33 34 35 36 37 38 | 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | + - - + + | return 0 fi return 1 } gen_dh_params_fallback() { if [ "${bits}" = '2048' ]; then |
︙ | |||
89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | + + + + + + + + + | BN_free(dhg_bn); return(NULL); } return(dh); } _EOF_ return 0 fi return 1 } # Enable support for giving the same DH params each time if [ "$1" = 'fallback' ]; then gen_dh_params_fallback && exit 0 echo "Unable to generate fallback parameters for DH of ${bits} bits" >&2 exit 1 fi echo "*****************************" >&2 echo "** Generating DH Primes. **" >&2 echo "** This will take a while. **" >&2 echo "*****************************" >&2 gen_dh_params_openssl && exit 0 gen_dh_params_remote && exit 0 gen_dh_params_fallback && exit 0 echo "Unable to generate parameters for DH of ${bits} bits" >&2 exit 1 |
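Review bot: In the first gen_dh_params hunk, the new `bits='2048'` variable only helps if every generator consumes it, and in the visible lines `openssl_dhparam` takes its size from `"$@"`. Check that the call sites elided from this view pass `"${bits}"` rather than a literal, otherwise the new "Unable to generate parameters for DH of ${bits} bits" message can report a size different from the one that was attempted. In the same function, `openssl dhparam -C "$@" 2>/dev/null` throws away OpenSSL's own diagnostics, so the final message is all a builder sees; consider capturing stderr and printing it only when the command fails.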
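Review bot: At the end of gen_dh_params, the default path (`gen_dh_params_openssl && exit 0`, `gen_dh_params_remote && exit 0`, `gen_dh_params_fallback && exit 0`) falls back silently: when the first two steps fail, the script emits the same built-in parameters the `fallback` argument produces and exits 0, which a build cannot distinguish from a fresh generation. Since this change is about surfacing failures, print a line to stderr before the implicit fallback saying that generation failed and the static ${bits}-bit parameters are being used, and keep the quiet behaviour only for the explicit `fallback` argument.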
Modified tls.c
from [347d650461]
to [57028b60c1].
︙ | |||
1177 1178 1179 1180 1181 1182 1183 | 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 | - + | if (!dh) { Tcl_AppendResult(interp, "Could not read DH parameters from file", (char *) NULL); SSL_CTX_free(ctx); return (SSL_CTX *)0; } } else { |
︙ |
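Review bot: In the tls.c hunk, the failure branch reports "Could not read DH parameters from file" without saying which file or why. Append the path that was passed in and the OpenSSL error reason to the `Tcl_AppendResult` call so that a wrong path, an unreadable file and malformed parameters can be told apart from the Tcl side. The cleanup in that branch (`SSL_CTX_free(ctx)` before returning a null `SSL_CTX *`) is fine as it stands.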