[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Piotr Sikora piotr at cloudflare.com
Tue Jul 8 10:22:21 UTC 2014


Hey Maxim,

> I don't think it's time to remove it, but as I previously said, I
> will be fine with something like this:
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -652,12 +652,16 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
>  {
>      static RSA  *key;
>
> +#ifndef OPENSSL_NO_DEPRECATED
> +
>      if (key_length == 512) {
>          if (key == NULL) {
>              key = RSA_generate_key(512, RSA_F4, NULL, NULL);
>          }
>      }
>
> +#endif
> +
>      return key;
>  }
>
>
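
Review bot: With OPENSSL_NO_DEPRECATED defined, everything between the `#ifndef` and `#endif` is compiled out, so `static RSA  *key` is never assigned and the callback returns NULL for every request, including key_length == 512, with no comment saying that this is intended. `key_length` is also no longer referenced in that build, which may produce an unused-parameter warning depending on compiler flags. Consider narrowing the guard to the `RSA_generate_key(512, RSA_F4, NULL, NULL)` call alone and adding a one-line comment that a NULL return is expected when deprecated APIs are unavailable.
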
> This won't change anything for normal builds, but will allow test
> builds with OPENSSL_NO_DEPRECATED defined.

I'd prefer to see RSA_generate_key_ex() being used (even though
it's a more complex interface), but I don't care enough to fight over
this, so I guess your patch is "good enough". However, I'd like to see
my patch #2 applied first (i.e. if key_length != 512 return NULL), so
that only RSA_generate_key() is being guarded.

Best regards,
Piotr Sikora


