reproducible_dh.h.patch
diff --git a/configure b/configure
index c29cd05..fa4ea7f 100755
--- a/configure
+++ b/configure
@@ -7759,29 +7759,6 @@ fi
$as_echo "#define USE_SSL_DH 1" >>confdefs.h
- # Generate DH parameters
- if test -f "$sslbin"; then
- echo ""
- echo "*** Generating DH Parameters for SSL/TLS ***"
- # OpenSSL 3 removes dhparam -C
- # check version and use our own parser if needed
- nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1`
-
- test -d include || mkdir include
- if test "x$nagios_ssl_major_version" = "x3"; then
-
-cat >>confdefs.h <<_ACEOF
-#define OPENSSL_V3 1
-_ACEOF
-
- test -d src || mkdir src
- $CC ${srcdir}/src/print_c_code.c -o src/print_c_code
- $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h
- else
- # awk to strip off meta data at bottom of dhparam output
- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
- fi
- fi
fi
fi
fi
diff --git a/include/dh.h b/include/dh.h
new file mode 100644
index 0000000..36b773a
--- /dev/null
+++ b/include/dh.h
@@ -0,0 +1,36 @@
+DH *get_dh2048()
+{
+ static unsigned char dh2048_p[]={
+ 0x91,0xAA,0xE1,0xBA,0xEA,0xB0,0x39,0xE3,0x26,0x8D,0xC5,0x74,0xAD,0x5D,0x71,
+ 0xC2,0x4D,0x31,0x31,0xEA,0x57,0x97,0xD2,0x95,0x48,0xDD,0x1F,0x6C,0xE1,0xF4,
+ 0x8F,0xFE,0x90,0xFC,0xDD,0xEF,0x17,0x36,0x23,0xE4,0x44,0x43,0xDD,0x0C,0xED,
+ 0xBE,0xF3,0x00,0x30,0xAB,0xCD,0xDC,0x35,0xC4,0x36,0xFF,0x37,0xDF,0xE0,0x43,
+ 0x2F,0x84,0x3C,0x59,0x55,0x75,0x1F,0x00,0x08,0x88,0x1D,0xA9,0xDE,0xA0,0x79,
+ 0x11,0x42,0x96,0x2E,0xE8,0xB8,0x8A,0x2C,0x49,0x92,0x9A,0x4D,0xA8,0x07,0xC6,
+ 0x7F,0x25,0x55,0xCA,0x2A,0xF8,0x8C,0x55,0x48,0xBD,0xC6,0xB7,0x28,0xB2,0x27,
+ 0xFA,0xD8,0xB3,0x41,0x40,0x10,0x59,0x0D,0x88,0xD4,0xEF,0x68,0xD5,0x1A,0x9A,
+ 0x9D,0x23,0xC2,0x6F,0xFE,0xB8,0xAC,0x18,0x55,0x10,0xB1,0x05,0x52,0xA5,0x9C,
+ 0xF1,0x35,0x1B,0x82,0xC1,0x85,0xD5,0x82,0xB4,0x01,0xCC,0x60,0x8C,0x5F,0x68,
+ 0xBE,0x83,0x32,0x31,0x61,0x24,0x6C,0xB5,0x33,0x28,0x6D,0x4A,0x89,0xE5,0x6F,
+ 0xB5,0x40,0xE6,0xE8,0x73,0xD0,0xBE,0x83,0x5A,0x92,0xC6,0xA3,0x2A,0xD9,0x3B,
+ 0xCE,0xC0,0x02,0x4E,0xB4,0x9F,0xAD,0x24,0x95,0x7C,0x2F,0xA9,0xBD,0x92,0xA2,
+ 0xB3,0xE3,0x1E,0xBB,0xAE,0x00,0xB2,0xFB,0x3E,0x31,0xA9,0x64,0xA6,0x0B,0x93,
+ 0xCD,0x21,0x74,0x04,0xDE,0x2F,0x8C,0xA1,0xB2,0x54,0x9C,0x1D,0xB2,0x7C,0x70,
+ 0x4F,0x63,0xE8,0xE1,0xBE,0x68,0x06,0x25,0xE1,0x9A,0xD2,0x3A,0x8A,0x08,0xE3,
+ 0x98,0x60,0x39,0xA2,0x6D,0x27,0xF2,0x9D,0x4E,0x3A,0xBD,0x1D,0x45,0x60,0xB7,
+ 0x17,
+ };
+ static unsigned char dh2048_g[]={
+ 0x02,
+ };
+ DH *dh;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if ((p == NULL) || (g == NULL))
+ { DH_free(dh); return(NULL); }
+ int result = DH_set0_pqg(dh, p, NULL, g);
+ if (result == 0) { DH_free(dh); return(NULL); }
+ return(dh);
+}
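Review bot: The 2048-bit prime in `dh2048_p` is committed with no record of how it was generated or validated, and with the configure-time `dhparam` step removed, every build now shares this one group instead of getting its own. Add a header comment stating the provenance of the parameters and that they pass `DH_check`, or replace the table with a published group such as `dh = DH_new_by_nid(NID_ffdhe2048);` if the minimum supported OpenSSL version allows it. Separately, both error paths free only `dh`: if one `BN_bin2bn` call fails, or `DH_set0_pqg` returns 0, the already-allocated `p`/`g` are leaked, so call `BN_free(p); BN_free(g);` before `DH_free(dh)` in both places. Because the function is defined in a header, `static DH *get_dh2048(void)` and `static const unsigned char` for the two tables would likely be more appropriate.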
diff --git a/macros/ax_nagios_get_ssl b/macros/ax_nagios_get_ssl
index 2b94b9d..0295abf 100644
--- a/macros/ax_nagios_get_ssl
+++ b/macros/ax_nagios_get_ssl
@@ -290,25 +290,6 @@ if test x$SSL_TYPE != xNONE; then
if test x$need_dh = xyes; then
AC_PATH_PROG(sslbin,openssl,value-if-not-found,$ssl_dir/sbin$PATH_SEPARATOR$ssl_dir/bin$PATH_SEPARATOR$PATH)
AC_DEFINE(USE_SSL_DH)
- # Generate DH parameters
- if test -f "$sslbin"; then
- echo ""
- echo "*** Generating DH Parameters for SSL/TLS ***"
- # OpenSSL 3 removes dhparam -C
- # check version and use our own parser if needed
- nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1`
-
- test -d include || mkdir include
- if test "x$nagios_ssl_major_version" = "x3"; then
- AC_DEFINE_UNQUOTED(OPENSSL_V3,[1],[Have OpenSSL v3])
- test -d src || mkdir src
- $CC ${srcdir}/src/print_c_code.c -o src/print_c_code
- $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h
- else
- # awk to strip off meta data at bottom of dhparam output
- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
- fi
- fi
fi
fi
fi