[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function
Maxim Dounin
mdounin at mdounin.ru
Wed Jul 9 01:50:53 UTC 2014
Hello!
On Tue, Jul 08, 2014 at 03:22:21AM -0700, Piotr Sikora wrote:
> Hey Maxim,
>
> > I don't think it's time to remove it, but as I previously said, I
> > will be fine with something like this:
> >
> > diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> > --- a/src/event/ngx_event_openssl.c
> > +++ b/src/event/ngx_event_openssl.c
> > @@ -652,12 +652,16 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
> > {
> > static RSA *key;
> >
> > +#ifndef OPENSSL_NO_DEPRECATED
> > +
> > if (key_length == 512) {
> > if (key == NULL) {
> > key = RSA_generate_key(512, RSA_F4, NULL, NULL);
> > }
> > }
> >
> > +#endif
> > +
> > return key;
> > }
> >
> >
> > This won't change anything for normal builds, but will allow test
> > builds with OPENSSL_NO_DEPRECATED defined.
>
> I'd prefer to see the RSA_generate_key_ex() being used (even though
> it's more complex interface), but I don't care enough to fight over
> this, so I guess your patch is "good enough", however I'd like to see
> my patch #2 applied first (i.e. if key_length != 512 return NULL), so
> that only RSA_generate_key() is being guarded.
Committed with other patches of this series, thanks.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list