Welcome! Log In Create A New Profile

Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Forum List Message List New Topic Print View

Maxim Dounin

July 07, 2014 09:06AM

Hello!

On Sun, Jul 06, 2014 at 07:16:44PM -0700, Piotr Sikora wrote:

> Hey Maxim,
>
> > I can't say I like this change - it introduces lots of code for no
> > real reason.
> >
> > And I don't think we should follow some arbitrarily set
> > "deprecated" flag introduced for an unknown reasons years ago and
> > still undocumented in the latest release (much like the
> > replacement function). Moreover, the RSA_generate_key() is still
> > used in OpenSSL's own codebase, as well as in multiple demos and
> > man pages.
>
> RSA_generate_key() is clearly marked as deprecated in the OpenSSL's
> documentation [1] and RSA_generate_key_ex() is documented on the same
> page.

It's marked as deprecated in master branch, but not in the latest
release. Try looking into the latest release docs, 1.0.1h -
doc/crypto/RSA_generate_key.pod doesn't even mention
RSA_generate_key_ex.

> I don't think we should blindly follow -DOPENSSL_NO_DEPRECATED and
> -DOPENSSL_NO_SSL_INTERN, but it's useful to find potential issues with
> existing code.

Sure, it can and likely will be helpful. In this particular case
the replacement code seems to be too long though. For
development needs, it will probably be enough to just return NULL
if OPENSSL_NO_DEPRECATED is defined.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 1 of 4] SSL: include correct OpenSSL headers	Piotr Sikora	661	July 06, 2014 07:52PM
[PATCH 2 of 4] SSL: return temporary RSA key only when the key length matches	Piotr Sikora	353	July 06, 2014 07:52PM
[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	392	July 06, 2014 07:52PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	372	July 06, 2014 09:14PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	336	July 06, 2014 10:18PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	637	July 07, 2014 09:06AM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	350	July 07, 2014 06:04PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	522	July 07, 2014 07:34PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	290	July 08, 2014 06:24AM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	445	July 08, 2014 09:52PM
[PATCH 4 of 4] SSL: stop accessing SSL_SESSION's fields directly	Piotr Sikora	418	July 06, 2014 07:52PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 139

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018