$!-----------------------------------------------------------------'f$verify(0)
$! SSL_FINISH.COM
$!
$! Copyright (C) 1996-2021 Mark G.Daniel.
$!
$! Licensed under the Apache License, Version 2.0 (the "License");
$! you may not use this file except in compliance with the License.
$! You may obtain a copy of the License at
$!
$!    http://www.apache.org/licenses/LICENSE-2.0
$!
$! Unless required by applicable law or agreed to in writing, software
$! distributed under the License is distributed on an "AS IS" BASIS,
$! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
$! See the License for the specific language governing permissions and
$! limitations under the License.
$!
$! Link the OpenSSL applications delivered as part of the WASD SSL package.
$!
$! 20-SEP-2018  MGD  WASD OpenSSL v1.1.n package MAKEAPPS.COM
$! 07-DEC-2002  MGD  initial (completely reworked for v8.1)
$!-----------------------------------------------------------------------------
$!
$! Procedure set-up: optional command echo, exit status values, the "say"
$! output shorthand and the Ctrl-Y handler.
$!
$! Echo each command line as it executes when the logical name INSTALL$DBUG
$! has any (non-empty) translation.
$ if f$trnlnm("INSTALL$DBUG") .nes. "" then set verify
$!
$! Exit status values.  NOTE(review): 44 and 676 look like the numeric values
$! of the system conditions SS$_ABORT and SS$_BUGCHECK -- confirm.
$! ss$_bugcheck is not referenced anywhere in the visible procedure.
$ ss$_abort = 44
$ ss$_bugcheck = 676
$! "say <string>" writes one line to SYS$COMMAND.
$ say = "write sys$command"
$! A Ctrl-Y interrupt ends the procedure with the abort status.
$ on controly then exit ss$_abort
$!
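$! Link the WASD OpenSSL applications.  Runs only for a BUILD or LINK request
$! (P1) and only when the symbol BUILD_HTTPD_WASD_SSL exists.  MAKEAPPS.COM is
$! looked for in [.WASD] first and then in [.APPS], both relative to the
$! directory held in BUILD_HTTPD_SSL_ROOT.  The process default directory is
$! restored on every path out of this block, including the "not found" abort.
$ if p1 .eqs. "BUILD" .or. p1 .eqs. "LINK"
$ then
$    if f$type(BUILD_HTTPD_WASD_SSL) .nes. ""
$    then
$       type sys$input
                   ***************************************
                   *  LINKING WASD OPENSSL APPLICATIONS  *
                   ***************************************

$       currentDefault = f$environment("DEFAULT")
$!      NOTE(review): BUILD_HTTPD_SSL_ROOT decides which MAKEAPPS.COM gets
$!      executed, and it runs in the installing process.  The symbol is set
$!      outside this file; the tree it names should be writable only by
$!      trusted accounts -- confirm against the calling procedure.
$       set default 'BUILD_HTTPD_SSL_ROOT'
$!      [.APPS] is assigned first so that [.WASD], when present, wins.
$       makeappsDir = ""
$       if f$search ("[.APPS]MAKEAPPS.COM") .nes. "" then makeappsDir = "[.APPS]"
$       if f$search ("[.WASD]MAKEAPPS.COM") .nes. "" then makeappsDir = "[.WASD]"
$       if makeappsDir .eqs. ""
$       then
$          say "MAKEAPPS.COM not found"
$!         Do not leave the process parked in the SSL source tree.
$          set default 'currentDefault'
$          exit ss$_abort
$       endif
$       set default 'makeappsDir'
$!      NOTE(review): the completion status of MAKEAPPS is not examined here;
$!      a failed link still falls through to the text that follows.
$       @MAKEAPPS
$       say ""
$       set default 'currentDefault'
$    endif
$ endif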
$!
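$! Display guidance on providing Diffie-Hellman parameter ("safe prime") files
$! and wait for the operator to acknowledge it.  The text is displayed only;
$! nothing in this block creates or copies a parameter file.  The closing NOTE
$! warns that the 512 and 1024 bit sizes named in the commands are weak.
$ type sys$input
                         **************************
                         *  DH_PARAM SAFE PRIMES  *
                         **************************

Modern TLS protocols require elliptic curve cryptography, ephemeral keys and
Diffie-Hellman key exchange.  This is dependent on the availability of files
containing "safe prime" numbers in PEM format.  Ideally these are generated on
a per-site basis.  This can take *considerable* time depending on platform.

  $ SET DEFAULT WASD_ROOT:[LOCAL]
  $ OPENSSL DHPARAM -OUT DH_PARAM_512.PEM 512
  $ OPENSSL DHPARAM -OUT DH_PARAM_1024.PEM 1024
  $ OPENSSL DHPARAM -OUT DH_PARAM_2048.PEM 2048

Alternatively, when using the WASD OpenSSL package, the procedure

  $ @WASD_ROOT:[SRC.OPENSSL-1_n_n.WASD]CREATE_EPHEMERAL_DH_PARAM.COM

will generate the "safe prime" files as above, or as another alternative,
fresh "safe prime" files are generated with each release and can be copied
directly from the package.

  $ SET DEFAULT WASD_ROOT:[LOCAL]
  $ COPY [SRC.OPENSSL-1_0_n.WASD.CERT]DH_PARAM_*.PEM *
  $! or
  $ COPY [SRC.OPENSSL-1_1_n.WASD]DH_PARAM_*.PEM *
  $! depending on the WASD OpenSSL version

One of these three should be done after the install/update procedure concludes
and before starting the server.  Any can be repeated at any time and takes
effect at next server startup.

NOTE: 512 bit parameters can be broken in practice and 1024 bit parameters are
no longer considered adequate, particularly when the same primes are shared by
many sites (as the copies shipped with a release are).  Where the server and
its clients permit, rely on 2048 bit or larger parameters generated on-site.

$! The reply is read only to pause the procedure; its value is not used.
$ read sys$command response /prompt="Press RETURN to continue: "
$ say ""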
$!
$! Clean up: delete each BUILD_HTTPD_* global symbol that exists, so none is
$! left defined in the process once this procedure has finished.  Each delete
$! is guarded by F$TYPE, so a symbol that was never defined is skipped.
$! NOTE(review): the symbols are presumably created by the calling build
$! procedure -- they are not assigned anywhere in this file.
$ dgs = "delete/symbol/global"
$ if f$type(BUILD_HTTPD_OPEN_SSL) .nes. "" then dgs BUILD_HTTPD_OPEN_SSL
$ if f$type(BUILD_HTTPD_SSL) .nes. "" then dgs BUILD_HTTPD_SSL
$ if f$type(BUILD_HTTPD_SSL_ROOT) .nes. "" then dgs BUILD_HTTPD_SSL_ROOT
$ if f$type(BUILD_HTTPD_VMS_SSL) .nes. "" then dgs BUILD_HTTPD_VMS_SSL
$ if f$type(BUILD_HTTPD_WASD_SSL) .nes. "" then dgs BUILD_HTTPD_WASD_SSL
$!
$! No explicit status is given on this EXIT.
$ exit
$!-----------------------------------------------------------------------------