authorDr. Stephen Henson <steve@openssl.org>1999-10-04 23:56:06 +0000
committerDr. Stephen Henson <steve@openssl.org>1999-10-04 23:56:06 +0000
commit3908cdf442e3394ee7fa52b46d8715796ca5ea6a (patch)
treea3352f2fc694f0431d73b790e42a5d1989738da4 /apps/s_server.c
parent3ea23631d4d840429dbe026f50e8f46a5187054f (diff)
New option -dhparam to s_server to allow the DH parameter file to be set
explicitly. Previously it couldn't be changed because it was hard coded as "server.pem".
Diffstat (limited to 'apps/s_server.c')
-rw-r--r--apps/s_server.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index da0f2ff116..ca22b2f2ca 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -108,7 +108,7 @@ static void sv_usage(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp,SSL_CTX *ctx);
#ifndef NO_DH
-static DH *load_dh_param(void );
+static DH *load_dh_param(char *dhfile);
static DH *get_dh512(void);
#endif
#ifdef MONOLITH
@@ -160,8 +160,6 @@ static int accept_socket= -1;
#undef PROG
#define PROG s_server_main
-#define DH_PARAM "server.pem"
-
extern int verify_depth;
static char *cipher=NULL;
@@ -217,10 +215,12 @@ static void sv_usage(void)
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
+ BIO_printf(bio_err," or a default set of parameters is used\n");
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
@@ -406,6 +406,7 @@ int MAIN(int argc, char *argv[])
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
+ char *dhfile = NULL;
int badop=0,bugs=0;
int ret=1;
int off=0;
@@ -483,6 +484,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
s_key_file= *(++argv);
}
+ else if (strcmp(*argv,"-dhparam") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dhfile = *(++argv);
+ }
else if (strcmp(*argv,"-dcert") == 0)
{
if (--argc < 1) goto bad;
@@ -643,8 +649,7 @@ bad:
#ifndef NO_DH
if (!no_dhe)
{
- /* EAY EAY EAY evil hack */
- dh=load_dh_param();
+ dh=load_dh_param(dhfile ? dhfile : s_cert_file);
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
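Review bot: A `-dhparam` file that cannot be opened or parsed is handled the same way as no option at all: `load_dh_param(dhfile ? dhfile : s_cert_file)` just returns NULL. Judging by the usage text added in this commit and the `get_dh512` prototype, the branch after this hunk presumably falls back to built-in parameters. An operator who names a file to pin a specific group would then run with the defaults and see no error. When `dhfile` is non-NULL and `dh` is NULL, report it and take the function's error exit instead of falling back, starting with `if (dh == NULL && dhfile != NULL)` and `BIO_printf(bio_err,"error loading DH parameters from %s\n",dhfile);`. The enclosing `if (!no_dhe)` block continues outside the hunk, so the exact fallback code is not visible here.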
@@ -1076,12 +1081,12 @@ static int init_ssl_connection(SSL *con)
}
#ifndef NO_DH
-static DH *load_dh_param(void)
+static DH *load_dh_param(char *dhfile)
{
DH *ret=NULL;
BIO *bio;
- if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
+ if ((bio=BIO_new_file(dhfile,"r")) == NULL)
goto err;
ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
err:
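Review bot: `load_dh_param` has no comment stating its contract, which matters more after this change because the caller may now pass the certificate file instead of a dedicated parameter file. Add above the definition: `/* Load DH parameters from the PEM file dhfile; returns NULL if the file cannot be opened or PEM_read_bio_DHparams() yields no parameters. */`. In the visible lines both failure paths reach `err:` without printing anything, so the comment should also say that reporting a failure is left to the caller. The function body continues past `err:` outside this hunk.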