DH parameter reading in OPENSSL 3
Dirk Stöcker
openssl at dstoecker.de
Wed Jul 13 14:35:42 UTC 2022
Hello,
when upgrading to openssl3 my code states that some functions are
deprecated in openssl 3, but even after reading documentation I was
unable to find a non-deprecated replacement.
Task is to read DH parameters in PEM format from a file and use them for
the current "context" and if not available choose some defaults.
  if((bio = BIO_new_file("filename", "r")))
  {
    DH *dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
    BIO_free(bio);
    /* if no DH inside, try internal defaults */
    if(!dh && (bio = BIO_new_mem_buf(dhparam, sizeof(dhparam))))
    {
      dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
      BIO_free(bio);
    }
    if(dh)
    {
      SSL_CTX_set_tmp_dh(context, dh);
      DH_free(dh);
    }
  }
Now it seems the default can be replaced by

  SSL_CTX_set_dh_auto(context, 1);

instead of the internal values but I have no idea how to use
OSSL_DECODER to get the parameters and pass them to context. The
migration guide is really useless and the examples and the openssl
source also didn't help much.
Anybody who can help me? It's probably only a few calls when one knows
what to do.
Freedom in Peace
--
https://www.dstoecker.eu/ (PGP key available)