[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Maxim Dounin mdounin at mdounin.ru
Mon Jul 7 13:04:49 UTC 2014


On Sun, Jul 06, 2014 at 07:16:44PM -0700, Piotr Sikora wrote:

> Hey Maxim,
> > I can't say I like this change - it introduces lots of code for no
> > real reason.
> >
> > And I don't think we should follow some arbitrarily set
> > "deprecated" flag introduced for an unknown reasons years ago and
> > still undocumented in the latest release (much like the
> > replacement function).  Moreover, the RSA_generate_key() is still
> > used in OpenSSL's own codebase, as well as in multiple demos and
> > man pages.
> RSA_generate_key() is clearly marked as deprecated in the OpenSSL's
> documentation [1] and RSA_generate_key_ex() is documented on the same
> page.

It's marked as deprecated in master branch, but not in the latest 
release.  Try looking into the latest release docs, 1.0.1h - 
doc/crypto/RSA_generate_key.pod doesn't even mention 

> I don't think we should blindly follow -DOPENSSL_NO_DEPRECATED and
> -DOPENSSL_NO_SSL_INTERN, but it's useful to find potential issues with
> existing code.

Sure, it can and likely will be helpful.  In this particular case 
the replacement code seems to be too long though.  For 
development needs, it will probably be enough to just return NULL 
Maxim Dounin

More information about the nginx-devel mailing list