On 2016/02/02 14:10, Darren Tucker wrote:
> On Mon, Feb 01, 2016 at 12:56:43PM +0000, Stuart Henderson wrote:
> > Based on my memory of dtucker's earlier diff which I OK'd and lost :-)
>
> Below is the patch for reference (after some more turd polishing on my
> part). I also had second thoughts about generating it at build time for
> reasons of slowness and fingerprinting potential and never got back to it.
I have that one, but didn't forward that for those reasons (and
I didn't want to dig into all the implications of changing sizes)
it's the earlier one which updated the 512/1024 hardcoded values
that I didn't keep a copy of and was recreating here.
> > This updates the baked-in DH params of the apache 1.3 port for people
> > who haven't been able to migrate to a supported http server yet.
> > There's an explanation in the comment in the patch header.
> [...]
> > +The whole source file can be run as a perl script (note it uses
> > +indent(1) and .indent.pro files in your $HOME affect formatting).
>
> My diff cd'ed to and setenv'ed HOME to the buld working dir to avoid
> those dependencies (based on what the FreeBSD port did):
>
> (cd ${WRKSRC}/src/modules/ssl && ${SETENV} HOME=${WRKSRC} perl
> ssl_engine_dh.c)
Yes, that's definitely needed if it's generated during the build.
