From c42363abfec2ef543ee3a58432f9c3c084b11926 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Mon, 7 Jan 2019 21:48:56 -0700
Subject: [PATCH] implemented dsaparm for faster generation better error check on dhparam generation
---
 setup.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/setup.sh b/setup.sh
index 55e4088..9737d1c 100755
--- a/setup.sh
+++ b/setup.sh
@@ -48,6 +48,7 @@ unset inputPHPPort
 unset phpAddr
 unset phpPort
 unset phpSock
+unset dhsuccess
 # set variables
 regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
@@ -632,12 +633,11 @@ fi
 if [ "${generateDH}" -eq 1 ]; then
 echo -e "\n${mag}---------------------${norm}"
 echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
- # delete existing (likely default) dhparam.pem
- rm -f /etc/ssl/certs/dhparam.pem
 # generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
- openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
- # verify non-zero length file generated
- if [ -s "/etc/ssl/certs/dhparam.pem" ]; then
+ openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
+ dhsuccess=$?
+ # verify no error reported and non-zero length file generated
+ if [ "${dhsuccess}" -eq 0 ] && [ -s "/etc/ssl/certs/dhparam.pem" ]; then
 echo -e "${ok}-- dhparam.pem generated --${norm}"
 # set DHParam to proper location
 DHPath='/etc/ssl/certs/dhparam.pem'
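Review bot: The `-dsaparam` switch added to the `openssl dhparam` call in the second hunk trades the safe-prime guarantee for speed, and nothing in the script tells the operator so. With that option OpenSSL produces DSA-style parameters converted to DH format, and its dhparam documentation warns that a fresh DH key should then be created for each use to avoid small-subgroup attacks. Whether that holds depends on the TLS library version and server configuration that consume /etc/ssl/certs/dhparam.pem, neither of which is visible here. The comment above the call should record the tradeoff, e.g. `# -dsaparam: DSA-style (non-safe-prime) params, fast to generate; server must use a fresh DH key per handshake`. The enclosing `if` block continues past the end of the hunk, so the failure branch was not reviewed.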