Check-in [b7c82a6aae]
EuroTcl/OpenACS 11 - 12 JULY 2024, VIENNA
Overview
Comment:Applied patch to correct generate Diffie-Hellman (DH) parameters. Source: File: gen_dh_params.patch
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: b7c82a6aae6943f16beeddedbcfef5b182b0934a48af7ffa60538be5ff5bd6d1
User & Date: bohagan on 2023-03-05 00:15:51
Other Links: manifest | tags
Context
2023-03-05
01:35
Patch by Sergei Golovan (Debian) to replace 1024 bit certificates with 2048 bit ones because the new OpenSSL refuses to load small keys ("ee key too small"). Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/certs-tests.patch check-in: 6e0ab0e0eb user: bohagan tags: trunk
00:15
Applied patch to correct generate Diffie-Hellman (DH) parameters. Source: File: gen_dh_params.patch check-in: b7c82a6aae user: bohagan tags: trunk
2023-03-04
23:33
Patch by Sergei Golovan (Debian) to fix the compiler warnings about implicit fall-through in case. Source: File: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/fall-through.patch check-in: e2e798877b user: bohagan tags: trunk
Changes

Modified gen_dh_params from [2613dfd476] to [90177a1658].

10
11
12
13
14
15
16
17
18
19
20
21




22
23
24
25
26
27
28
29
30
10
11
12
13
14
15
16





17
18
19
20


21
22
23
24
25
26
27







-
-
-
-
-
+
+
+
+
-
-







		bits=*)
			bits="`echo "${arg}" | cut -f 2 -d =`"
			;;
	esac
done

openssl_dhparam() {
	if [ -x "`which openssl 2>/dev/null`" ]; then
		o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1
		o_output="`echo "${o_output}" | sed 's/get_dh[0-9][0-9]*/get_dhParams/'`" || return 1
		o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1

	if openssl dhparam -C "$@" | sed	\
	    -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/'	\
	    -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'
	then
		echo "${o_output}"

		return 0
	fi

	return 1
}

gen_dh_params_openssl() {
267
268
269
270
271
272
273

274

275

276
277
278
279
280
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280







+

+

+





	exit 1
fi

echo "*****************************" >&2
echo "** Generating DH Primes.   **" >&2
echo "** This will take a while. **" >&2
echo "*****************************" >&2
echo "Use OpenSSL" >&2
gen_dh_params_openssl && exit 0
echo "Use Remote" >&2
gen_dh_params_remote && exit 0
echo "Use fallback" >&2
gen_dh_params_fallback && exit 0

echo "Unable to generate parameters for DH of ${bits} bits" >&2

exit 1