dhparam will never generate parameters that fail DH_check(). It would be an
internal error if it did. I added a sanity check anyway and also brought the
documentation up to date. Commit eeb21772e.
Closing this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4244
Please
Code inspection suggests that when running "openssl dhparam -check -out foo
2048", the safety of the generated prime is only indicated via stdout.
I suggest one of three safety improvements here, in order of what I believe to
be decreasing safety:
(1) Regardless of whether the "-check" flag is