Welcome! Log In Create A New Profile

Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function

Forum List Message List New Topic Print View

Piotr Sikora

July 08, 2014 06:24AM

Hey Maxim,

> I don't think it's time to remove it, but as I previously said, I
> will be fine with something like this:
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -652,12 +652,16 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
> {
> static RSA *key;
>
> +#ifndef OPENSSL_NO_DEPRECATED
> +
> if (key_length == 512) {
> if (key == NULL) {
> key = RSA_generate_key(512, RSA_F4, NULL, NULL);
> }
> }
>
> +#endif
> +
> return key;
> }
>
>
> This won't change anything for normal builds, but will allow test
> builds with OPENSSL_NO_DEPRECATED defined.

I'd prefer to see the RSA_generate_key_ex() being used (even though
it's more complex interface), but I don't care enough to fight over
this, so I guess your patch is "good enough", however I'd like to see
my patch #2 applied first (i.e. if key_length != 512 return NULL), so
that only RSA_generate_key() is being guarded.

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 1 of 4] SSL: include correct OpenSSL headers	Piotr Sikora	661	July 06, 2014 07:52PM
[PATCH 2 of 4] SSL: return temporary RSA key only when the key length matches	Piotr Sikora	353	July 06, 2014 07:52PM
[PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	392	July 06, 2014 07:52PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	372	July 06, 2014 09:14PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	336	July 06, 2014 10:18PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	637	July 07, 2014 09:06AM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	350	July 07, 2014 06:04PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	522	July 07, 2014 07:34PM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Piotr Sikora	289	July 08, 2014 06:24AM
Re: [PATCH 3 of 4] SSL: stop using deprecated RSA_generate_key() function	Maxim Dounin	445	July 08, 2014 09:52PM
[PATCH 4 of 4] SSL: stop accessing SSL_SESSION's fields directly	Piotr Sikora	418	July 06, 2014 07:52PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 177

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018