TclTLS
Check-in [b7c82a6aae]
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Overview
Comment:Applied patch to correct generate Diffie-Hellman (DH) parameters. Source: File: gen_dh_params.patch
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: b7c82a6aae6943f16beeddedbcfef5b182b0934a48af7ffa60538be5ff5bd6d1
User & Date: bohagan on 2023-03-05 00:15:51
Other Links: manifest | tags
Context
2023-03-05
01:35
Patch by Sergei Golovan (Debian) to replace 1024 bit certificates with 2048 bit ones because the new OpenSSL refuses to load small keys ("ee key too small"). Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/certs-tests.patch check-in: 6e0ab0e0eb user: bohagan tags: trunk
00:15
Applied patch to correct generate Diffie-Hellman (DH) parameters. Source: File: gen_dh_params.patch check-in: b7c82a6aae user: bohagan tags: trunk
2023-03-04
23:33
Patch by Sergei Golovan (Debian) to fix the compiler warnings about implicit fall-through in case. Source: File: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/fall-through.patch check-in: e2e798877b user: bohagan tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Modified gen_dh_params from [2613dfd476] to [90177a1658]. 

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

		bits=*)
			bits="`echo "${arg}" | cut -f 2 -d =`"
			;;
	esac
done

openssl_dhparam() {
	if [ -x "`which openssl 2>/dev/null`" ]; then
		o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1
		o_output="`echo "${o_output}" | sed 's/get_dh[0-9][0-9]*/get_dhParams/'`" || return 1
		o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1

		echo "${o_output}"

		return 0
	fi

	return 1
}

gen_dh_params_openssl() {








<
|
|
|
|
<
<








10
11
12
13
14
15
16

17
18
19
20


21
22
23
24
25
26
27

		bits=*)
			bits="`echo "${arg}" | cut -f 2 -d =`"
			;;
	esac
done

openssl_dhparam() {

	if openssl dhparam -C "$@" | sed	\
	    -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/'	\
	    -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'
	then


		return 0
	fi

	return 1
}

gen_dh_params_openssl() {

267
268
269
270
271
272
273

274

275

276
277
278
279
280

	exit 1
fi

echo "*****************************" >&2
echo "** Generating DH Primes.   **" >&2
echo "** This will take a while. **" >&2
echo "*****************************" >&2

gen_dh_params_openssl && exit 0

gen_dh_params_remote && exit 0

gen_dh_params_fallback && exit 0

echo "Unable to generate parameters for DH of ${bits} bits" >&2

exit 1








>

>

>






264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280

	exit 1
fi

echo "*****************************" >&2
echo "** Generating DH Primes.   **" >&2
echo "** This will take a while. **" >&2
echo "*****************************" >&2
echo "Use OpenSSL" >&2
gen_dh_params_openssl && exit 0
echo "Use Remote" >&2
gen_dh_params_remote && exit 0
echo "Use fallback" >&2
gen_dh_params_fallback && exit 0

echo "Unable to generate parameters for DH of ${bits} bits" >&2

exit 1

Powered by Fossil · RSS