[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function
Piotr Sikora
piotr at cloudflare.com
Mon Jul 7 02:16:44 UTC 2014
Hey Maxim,
> I can't say I like this change - it introduces lots of code for no
> real reason.
>
> And I don't think we should follow some arbitrarily set
> "deprecated" flag introduced for an unknown reasons years ago and
> still undocumented in the latest release (much like the
> replacement function). Moreover, the RSA_generate_key() is still
> used in OpenSSL's own codebase, as well as in multiple demos and
> man pages.
RSA_generate_key() is clearly marked as deprecated in the OpenSSL's
documentation [1] and RSA_generate_key_ex() is documented on the same
page.
I don't think we should blindly follow -DOPENSSL_NO_DEPRECATED and
-DOPENSSL_NO_SSL_INTERN, but it's useful to find potential issues with
existing code.
[1] https://www.openssl.org/docs/crypto/RSA_generate_key.html
Best regards,
Piotr Sikora
More information about the nginx-devel
mailing list