[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Piotr Sikora piotr at cloudflare.com
Mon Jul 7 22:02:14 UTC 2014

Hey Maxim,

> It's marked as deprecated in master branch, but not in the latest
> release.  Try looking into the latest release docs, 1.0.1h -
> doc/crypto/RSA_generate_key.pod doesn't even mention
> RSA_generate_key_ex.

It's been deprecated before OpenSSL-0.9.8 release, see git history [1].

OpenSSL's documentation is terrible source of information and that's
not news - nginx itself is using a lot of undocumented functions,
especially in the OCSP stapling code.

> Sure, it can and likely will be helpful.  In this particular case
> the replacement code seems to be too long though.  For
> development needs, it will probably be enough to just return NULL
> if OPENSSL_NO_DEPRECATED is defined.

Sigh, I really don't think that the amount of code is really a problem
here... But if you're really unhappy with it, maybe let's just remove
the callback altogether? It's not like it's used with nginx's default
ciphers list and I'm not aware of anything since Windows NT 4.0 that
would require it.

[1] https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9d473aa2e4076beb959bc9701786a0860877ee12

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list