Remove dhparam from SSL_CONF list.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 23 Sep 2017 00:03:16 +0000 (01:03 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 23 Sep 2017 12:37:21 +0000 (13:37 +0100)
Avoid duplicate assertion by removing dhparam from SSL_CONF parameter list:
dhparam is handled manually by s_server.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4408)

apps/apps.h

index 6984f166e82e0774f19057e7761d253d6a2f78f5..70c9278c6f3307eded9982820015508e0b0a8ea4 100644 (file)
@@ -206,7 +206,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
         OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
         OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
-        OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_DHPARAM, \
+        OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
         OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
         OPT_S_NO_RENEGOTIATION, OPT_S__LAST
 
@@ -248,8 +248,6 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         {"named_curve", OPT_S_NAMEDCURVE, 's', \
             "Elliptic curve used for ECDHE (server-side only)" }, \
         {"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \
-        {"dhparam", OPT_S_DHPARAM, '<', \
-            "DH parameter file to use, in cert file if not specified"}, \
         {"record_padding", OPT_S_RECORD_PADDING, 's', \
             "Block size to pad TLS 1.3 records to."}, \
         {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
@@ -280,7 +278,6 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         case OPT_S_CURVES: \
         case OPT_S_NAMEDCURVE: \
         case OPT_S_CIPHER: \
-        case OPT_S_DHPARAM: \
         case OPT_S_RECORD_PADDING: \
         case OPT_S_NO_RENEGOTIATION: \
         case OPT_S_DEBUGBROKE