| SSL_CTX_set_tmp_dh_callback.3 (206048) | SSL_CTX_set_tmp_dh_callback.3 (215698) |
|---|---|
| 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 | 1.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) |
| 2.\" 3.\" Standard preamble: 4.\" ======================================================================== | 2.\" 3.\" Standard preamble: 4.\" ======================================================================== |
| 5.de Sh \" Subsection heading 6.br 7.if t .Sp 8.ne 5 9.PP 10\fB\\$1\fR 11.PP 12.. | |
| 13.de Sp \" Vertical space (when we can't use .PP) 14.if t .sp .5v 15.if n .sp 16.. 17.de Vb \" Begin verbatim text 18.ft CW 19.nf 20.ne \\$1 21.. 22.de Ve \" End verbatim text 23.ft R 24.fi 25.. 26.\" Set up some character translations and predefined strings. \*(-- will 27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | 5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text 10.ft CW 11.nf 12.ne \\$1 13.. 14.de Ve \" End verbatim text 15.ft R 16.fi 17.. 18.\" Set up some character translations and predefined strings. \*(-- will 19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left |
| 28.\" double quote, and \*(R" will give a right double quote. | will give a 29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to 30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' 31.\" expand to `' in nroff, nothing in troff, for use with C<>. 32.tr \(*W-|\(bv\*(Tr | 20.\" double quote, and \*(R" will give a right double quote. \*(C+ will 21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and 22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, 23.\" nothing in troff, for use with C<>. 24.tr \(*W- |
| 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 34.ie n \{\ 35. ds -- \(*W- 36. ds PI pi 37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 39. ds L" "" 40. ds R" "" 41. ds C` "" 42. ds C' "" 43'br\} 44.el\{\ 45. ds -- \|\(em\| 46. ds PI \(*p 47. ds L" `` 48. ds R" '' 49'br\} 50.\" | 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 26.ie n \{\ 27. ds -- \(*W- 28. ds PI pi 29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 31. ds L" "" 32. ds R" "" 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' 41'br\} 42.\" |
| 43.\" Escape single quotes in literal strings from groff's Unicode transform. 44.ie \n(.g .ds Aq \(aq 45.el .ds Aq ' 46.\" |
|
| 51.\" If the F register is turned on, we'll generate index entries on stderr for | 47.\" If the F register is turned on, we'll generate index entries on stderr for |
| 52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index | 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
| 53.\" entries marked with X<> in POD. Of course, you'll have to process the 54.\" output yourself in some meaningful fashion. | 49.\" entries marked with X<> in POD. Of course, you'll have to process the 50.\" output yourself in some meaningful fashion. |
| 55.if \nF \{\ | 51.ie \nF \{\ |
| 56. de IX 57. tm Index:\\$1\t\\n%\t"\\$2" 58.. 59. nr % 0 60. rr F 61.\} | 52. de IX 53. tm Index:\\$1\t\\n%\t"\\$2" 54.. 55. nr % 0 56. rr F 57.\} |
| 58.el \{\ 59. de IX 60.. 61.\} |
|
| 62.\" | 62.\" |
| 63.\" For nroff, turn off justification. Always turn off hyphenation; it makes 64.\" way too many mistakes in technical documents. 65.hy 0 66.if n .na 67.\" | |
| 68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 69.\" Fear. Run. Save yourself. No user-serviceable parts. 70. \" fudge factors for nroff and troff 71.if n \{\ 72. ds #H 0 73. ds #V .8m 74. ds #F .3m 75. ds #[ \f1 --- 48 unchanged lines hidden (view full) --- 124. ds Th \o'LP' 125. ds ae ae 126. ds Ae AE 127.\} 128.rm #[ #] #H #V #F C 129.\" ======================================================================== 130.\" 131.IX Title "SSL_CTX_set_tmp_dh_callback 3" | 63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 64.\" Fear. Run. Save yourself. No user-serviceable parts. 65. \" fudge factors for nroff and troff 66.if n \{\ 67. ds #H 0 68. ds #V .8m 69. ds #F .3m 70. ds #[ \f1 --- 48 unchanged lines hidden (view full) --- 119. ds Th \o'LP' 120. ds ae ae 121. ds Ae AE 122.\} 123.rm #[ #] #H #V #F C 124.\" ======================================================================== 125.\" 126.IX Title "SSL_CTX_set_tmp_dh_callback 3" |
| 132.TH SSL_CTX_set_tmp_dh_callback 3 "2010-03-24" "0.9.8n" "OpenSSL" | 127.TH SSL_CTX_set_tmp_dh_callback 3 "2010-11-16" "0.9.8p" "OpenSSL" 128.\" For nroff, turn off justification. Always turn off hyphenation; it makes 129.\" way too many mistakes in technical documents. 130.if n .ad l 131.nh |
| 133.SH "NAME" 134SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange 135.SH "SYNOPSIS" 136.IX Header "SYNOPSIS" 137.Vb 1 138\& #include <openssl/ssl.h> | 132.SH "NAME" 133SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange 134.SH "SYNOPSIS" 135.IX Header "SYNOPSIS" 136.Vb 1 137\& #include <openssl/ssl.h> |
| 139.Ve 140.PP 141.Vb 3 | 138\& |
| 142\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 143\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); 144\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); | 139\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 140\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); 141\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); |
| 145.Ve 146.PP 147.Vb 3 | 142\& |
| 148\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, 149\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); 150\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) | 143\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, 144\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); 145\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) |
| 151.Ve 152.PP 153.Vb 1 | 146\& |
| 154\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); 155.Ve 156.SH "DESCRIPTION" 157.IX Header "DESCRIPTION" 158\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be 159used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. 160The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. 161.PP --- 50 unchanged lines hidden (view full) --- 212openssl \fIdhparam\fR\|(1) application. In order to reduce the computer 213time needed for this generation, it is possible to use \s-1DSA\s0 parameters 214instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 215is mandatory. 216.PP 217Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, 218dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current 219version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, | 147\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); 148.Ve 149.SH "DESCRIPTION" 150.IX Header "DESCRIPTION" 151\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be 152used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. 153The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. 154.PP --- 50 unchanged lines hidden (view full) --- 205openssl \fIdhparam\fR\|(1) application. In order to reduce the computer 206time needed for this generation, it is possible to use \s-1DSA\s0 parameters 207instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 208is mandatory. 209.PP 210Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, 211dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current 212version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, |
| 220which use safe primes and were generated verifiably pseudo\-randomly. | 213which use safe primes and were generated verifiably pseudo-randomly. |
| 221These files can be converted into C code using the \fB\-C\fR option of the 222\&\fIdhparam\fR\|(1) application. 223Authors may also generate their own set of parameters using 224\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were 225generated. The generation of \s-1DH\s0 parameters during installation is therefore 226recommended. 227.PP 228An application may either directly specify the \s-1DH\s0 parameters or --- 10 unchanged lines hidden (view full) --- 239partly left out.) 240.PP 241.Vb 5 242\& ... 243\& /* Set up ephemeral DH stuff */ 244\& DH *dh_512 = NULL; 245\& DH *dh_1024 = NULL; 246\& FILE *paramfile; | 214These files can be converted into C code using the \fB\-C\fR option of the 215\&\fIdhparam\fR\|(1) application. 216Authors may also generate their own set of parameters using 217\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were 218generated. The generation of \s-1DH\s0 parameters during installation is therefore 219recommended. 220.PP 221An application may either directly specify the \s-1DH\s0 parameters or --- 10 unchanged lines hidden (view full) --- 232partly left out.) 233.PP 234.Vb 5 235\& ... 236\& /* Set up ephemeral DH stuff */ 237\& DH *dh_512 = NULL; 238\& DH *dh_1024 = NULL; 239\& FILE *paramfile; |
| 247.Ve 248.PP 249.Vb 14 | 240\& |
| 250\& ... | 241\& ... |
| 251\& /* "openssl dhparam -out dh_param_512.pem -2 512" */ | 242\& /* "openssl dhparam \-out dh_param_512.pem \-2 512" */ |
| 252\& paramfile = fopen("dh_param_512.pem", "r"); 253\& if (paramfile) { 254\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); 255\& fclose(paramfile); 256\& } | 243\& paramfile = fopen("dh_param_512.pem", "r"); 244\& if (paramfile) { 245\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); 246\& fclose(paramfile); 247\& } |
| 257\& /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ | 248\& /* "openssl dhparam \-out dh_param_1024.pem \-2 1024" */ |
| 258\& paramfile = fopen("dh_param_1024.pem", "r"); 259\& if (paramfile) { 260\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); 261\& fclose(paramfile); 262\& } 263\& ... | 249\& paramfile = fopen("dh_param_1024.pem", "r"); 250\& if (paramfile) { 251\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); 252\& fclose(paramfile); 253\& } 254\& ... |
| 264.Ve 265.PP 266.Vb 3 267\& /* "openssl dhparam -C -2 512" etc... */ | 255\& 256\& /* "openssl dhparam \-C \-2 512" etc... */ |
| 268\& DH *get_dh512() { ... } 269\& DH *get_dh1024() { ... } | 257\& DH *get_dh512() { ... } 258\& DH *get_dh1024() { ... } |
| 270.Ve 271.PP 272.Vb 3 | 259\& |
| 273\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) 274\& { 275\& DH *dh_tmp=NULL; | 260\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) 261\& { 262\& DH *dh_tmp=NULL; |
| 276.Ve 277.PP 278.Vb 17 | 263\& |
| 279\& switch (keylength) { 280\& case 512: 281\& if (!dh_512) 282\& dh_512 = get_dh512(); 283\& dh_tmp = dh_512; 284\& break; 285\& case 1024: 286\& if (!dh_1024) --- 23 unchanged lines hidden --- | 264\& switch (keylength) { 265\& case 512: 266\& if (!dh_512) 267\& dh_512 = get_dh512(); 268\& dh_tmp = dh_512; 269\& break; 270\& case 1024: 271\& if (!dh_1024) --- 23 unchanged lines hidden --- |