Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: RSA data type is deprecated in OpenSSL 3.0.

Maxim Dounin
November 16, 2021 09:54AM
details: https://hg.nginx.org/nginx/rev/ec2798eb3648
branches: stable-1.20
changeset: 7960:ec2798eb3648
user: Sergey Kandaurov <pluknet@nginx.com>
date: Tue Aug 10 23:42:59 2021 +0300
description:
SSL: RSA data type is deprecated in OpenSSL 3.0.

The only consumer is a callback function for SSL_CTX_set_tmp_rsa_callback()
deprecated in OpenSSL 1.1.0. Now the function is conditionally compiled too.

diffstat:

src/event/ngx_event_openssl.c | 6 +++++-
src/event/ngx_event_openssl.h | 2 ++
2 files changed, 7 insertions(+), 1 deletions(-)

diffs (44 lines):

diff -r efbcecbe5805 -r ec2798eb3648 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Aug 04 21:27:51 2021 +0300
+++ b/src/event/ngx_event_openssl.c Tue Aug 10 23:42:59 2021 +0300
@@ -1116,6 +1116,8 @@ ngx_ssl_info_callback(const ngx_ssl_conn
}


+#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
+
RSA *
ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
int key_length)
@@ -1126,7 +1128,7 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
return NULL;
}

-#if (OPENSSL_VERSION_NUMBER < 0x10100003L && !defined OPENSSL_NO_DEPRECATED)
+#ifndef OPENSSL_NO_DEPRECATED

if (key == NULL) {
key = RSA_generate_key(512, RSA_F4, NULL, NULL);
@@ -1137,6 +1139,8 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
return key;
}

+#endif
+

ngx_array_t *
ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file)
diff -r efbcecbe5805 -r ec2798eb3648 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Wed Aug 04 21:27:51 2021 +0300
+++ b/src/event/ngx_event_openssl.h Tue Aug 10 23:42:59 2021 +0300
@@ -196,8 +196,10 @@ ngx_int_t ngx_ssl_ocsp_validate(ngx_conn
ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
int key_length);
+#endif
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
ngx_array_t *passwords);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] SSL: RSA data type is deprecated in OpenSSL 3.0.

Maxim Dounin 66 November 16, 2021 09:54AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 69
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready