Use pregenerated DH params when generating config

Mark Haines 2014-09-01 20:35:10 +01:00
parent bcfaaf7da6
commit 8b69468e5f


@ -19,6 +19,9 @@ from OpenSSL import crypto
import subprocess import subprocess
import os import os
GENERATE_DH_PARAMS=False
class TlsConfig(Config): class TlsConfig(Config):
def __init__(self, args): def __init__(self, args):
super(TlsConfig, self).__init__(args) super(TlsConfig, self).__init__(args)
@ -97,10 +100,29 @@ class TlsConfig(Config):
certifcate_file.write(cert_pem) certifcate_file.write(cert_pem)
if not os.path.exists(args.tls_dh_params_path): if not os.path.exists(args.tls_dh_params_path):
subprocess.check_call([ if GENERATE_DH_PARAMS:
"openssl", "dhparam", subprocess.check_call([
"-outform", "PEM", "openssl", "dhparam",
"-out", args.tls_dh_params_path, "-outform", "PEM",
"2048" "-out", args.tls_dh_params_path,
]) "2048"
])
else:
with open(args.tls_dh_params_path, "w") as dh_params_file:
dh_params_file.write(
"2048-bit DH parameters taken from rfc3526\n"
"-----BEGIN DH PARAMETERS-----\n"
"MIIBCAKCAQEA///////////JD9qiIWjC"
"NMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n"
"IlFKCHmONATd75UZs806QxswKwpt8l8U"
"N0/hNW1tUcJF5IW1dmJefsb0TELppjft\n"
"awv/XLb0Brft7jhr+1qJn6WunyQRfEsf"
"5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n"
"mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVS"
"u57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n"
"fDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
"j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n"
"5RXSJhiY+gUQFXKOWoqsqmj/////////"
"/wIBAg==\n"
"-----END DH PARAMETERS-----\n"
)
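Review bot: `GENERATE_DH_PARAMS=False` is a hard-coded module constant with no comment and no visible config hook, so the `openssl dhparam` branch can only be reached by editing the source. Every install that generates its config this way will then share one well-known 2048-bit group. That is a reasonable default for a safe-prime group of this size (presumably chosen to avoid slow generation), but it should be a documented, deliberate choice. I would write it as `GENERATE_DH_PARAMS = False` with a comment above it such as `# False: write the fixed RFC 3526 2048-bit group; True: run "openssl dhparam" for per-install parameters.` Nothing visible checks the embedded base64, so a test that loads the written file and compares the prime and generator with the RFC 3526 2048-bit group would catch a transcription error. The enclosing method starts outside the hunk.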