[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Maxim Dounin mdounin at mdounin.ru
Wed Jul 9 01:50:53 UTC 2014


Hello!

On Tue, Jul 08, 2014 at 03:22:21AM -0700, Piotr Sikora wrote:

> Hey Maxim,
> 
> > I don't think it's time to remove it, but as I previously said, I
> > will be fine with something like this:
> >
> > diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> > --- a/src/event/ngx_event_openssl.c
> > +++ b/src/event/ngx_event_openssl.c
> > @@ -652,12 +652,16 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
> >  {
> >      static RSA  *key;
> >
> > +#ifndef OPENSSL_NO_DEPRECATED
> > +
> >      if (key_length == 512) {
> >          if (key == NULL) {
> >              key = RSA_generate_key(512, RSA_F4, NULL, NULL);
> >          }
> >      }
> >
> > +#endif
> > +
> >      return key;
> >  }
> >
> >
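Review bot: The `#ifndef OPENSSL_NO_DEPRECATED` guard opens before `if (key_length == 512)` and closes after that whole block, so in a build with OPENSSL_NO_DEPRECATED defined nothing ever assigns the static `key` and the callback returns NULL for every key length. That behaviour is silent in the code as written; a one-line comment above the guard stating that temporary 512-bit RSA keys are unavailable in such builds would make it explicit. Consider also narrowing the guard to the single `key = RSA_generate_key(512, RSA_F4, NULL, NULL);` statement, so the length check reads the same in both configurations and only the deprecated call is conditional.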
> > This won't change anything for normal builds, but will allow test
> > builds with OPENSSL_NO_DEPRECATED defined.
> 
> I'd prefer to see RSA_generate_key_ex() being used (even though
> it's a more complex interface), but I don't care enough to fight over
> this, so I guess your patch is "good enough", however I'd like to see
> my patch #2 applied first (i.e. if key_length != 512 return NULL), so
> that only RSA_generate_key() is being guarded.

Committed with other patches of this series, thanks.

-- 
Maxim Dounin
http://nginx.org/