author | Peter Wu <peter@lekensteyn.nl> | 2016-09-17 18:34:52 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2016-09-17 18:34:52 +0200 |
commit | 50c8054d10ba7a56b1b11cea6f98d6496ac4ac71 (patch) | |
tree | 50e9e6ec7fe417deab642e60880cf7e4dc0248d0 | |
parent | 5a17d2a0a3aa6d7a672bd7cb4bf1362f2ede81e9 (diff) | |
openssl-{connect,listen}: OpenSSL 1.1.0 compat
The options parser has changed, options now have to precede the
parameters (possibly a bug, already reported to rt.openssl.org with
subject "Options after parameters are ignored in OpenSSL 1.1.0").
While at it, use COMPLEMENTOFALL instead of NULL since that possibly
includes more ciphers.
-rwxr-xr-x | openssl-connect | 2 | ||||
-rwxr-xr-x | openssl-listen | 10 |
2 files changed, 6 insertions, 6 deletions
diff --git a/openssl-connect b/openssl-connect
index 77ba857..f4def7f 100755
--- a/openssl-connect
+++ b/openssl-connect
@@ -79,7 +79,7 @@ s_client_client_random() {
 # When stdin is a TTY, try all ciphers
 if [ -t 0 ]; then
 # Use only SSLv3 and TLSv1 ciphers, do not use SSLv2
- openssl ciphers -V -tls1 ALL:NULL
+ openssl ciphers -V -tls1 ALL:COMPLEMENTOFALL
 else
 # otherwise if not TTY, pass-through (useful for grep)
 cat
diff --git a/openssl-listen b/openssl-listen
index ddaf850..923d6a1 100755
--- a/openssl-listen
+++ b/openssl-listen
@@ -61,7 +61,7 @@ gen_pk() {
 openssl genrsa -out "$keyfile"
 ;;
 DSS)
- openssl dsaparam 1024 | openssl gendsa /dev/stdin -out "$keyfile"
+ openssl dsaparam 1024 | openssl gendsa -out "$keyfile" /dev/stdin
 ;;
 ECDSA)
 openssl ecparam -name secp384r1 -out "$keyfile" -genkey
@@ -99,8 +99,8 @@ start_server() {
 ECDH)
 crtfile=$ecc_pub
 keyfile=$ecc_prv
- ca_key=$pkdir$rsa_prv
- ca_crt=$pkdir$rsa_pub
+ ca_key=$rsa_prv
+ ca_crt=$rsa_pub
 port=$((portbase+2))
 ;;
 DSS)
@@ -117,12 +117,12 @@ start_server() {
 if [ ! -e "$pkdir$crtfile" ]; then
 gen_pk "$auth" \
 "$pkdir$keyfile" "$pkdir$crtfile" \
- "$ca_key" "$ca_crt" || return 1
+ "$pkdirca_key" "$pkdir$ca_crt" || return 1
 fi
 # Enable insecure ciphers too, this script is for generating all possible
 # test samples supported by openssl.
- opts+=( -cipher ALL:NULL )
+ opts+=( -cipher ALL:COMPLEMENTOFALL )
 openssl s_server -accept $port \
 "${opts[@]}" \ |
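Review bot: The CA key argument added to the `gen_pk` call in the last `start_server()` hunk reads `"$pkdirca_key"`, which expands a variable named `pkdirca_key` instead of `$pkdir` followed by `$ca_key`. Unless that name is set somewhere outside the hunk, it expands to an empty string, so gen_pk gets no CA key path, at least for the ECDH branch changed in the previous hunk. The line presumably should be `"$pkdir$ca_key" "$pkdir$ca_crt" || return 1`. Prefixing at the call site also makes the certificate argument equal to bare `$pkdir` whenever `ca_crt` is unset. gen_pk's body is outside these hunks, so it is worth confirming that it does not rely on an empty argument to decide between self-signing and CA signing.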