[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Piotr Sikora piotr at cloudflare.com
Mon Jul 7 02:16:44 UTC 2014


Hey Maxim,

> I can't say I like this change - it introduces lots of code for no
> real reason.
>
> And I don't think we should follow some arbitrarily set
> "deprecated" flag introduced for unknown reasons years ago and
> still undocumented in the latest release (much like the
> replacement function).  Moreover, RSA_generate_key() is still
> used in OpenSSL's own codebase, as well as in multiple demos and
> man pages.

RSA_generate_key() is clearly marked as deprecated in OpenSSL's
documentation [1] and RSA_generate_key_ex() is documented on the same
page.

I don't think we should blindly follow -DOPENSSL_NO_DEPRECATED and
-DOPENSSL_NO_SSL_INTERN, but it's useful to find potential issues with
existing code.

[1] https://www.openssl.org/docs/crypto/RSA_generate_key.html

Best regards,
Piotr Sikora


