SSL: RSA_generate_key() is deprecated in OpenSSL 1.1.0.

author Maxim Dounin <mdounin@mdounin.ru>

Thu, 31 Mar 2016 20:38:34 +0000 (23:38 +0300)

committer Maxim Dounin <mdounin@mdounin.ru>

Thu, 31 Mar 2016 20:38:34 +0000 (23:38 +0300)
author Maxim Dounin <mdounin@mdounin.ru>
Thu, 31 Mar 2016 20:38:34 +0000 (23:38 +0300)
committer Maxim Dounin <mdounin@mdounin.ru>
Thu, 31 Mar 2016 20:38:34 +0000 (23:38 +0300)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index 9f3cc86a05279fc57b8596f226445291baa4b063..16ba012e58a080726c44d0d6b6f7845f2f53328e 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -758,7 +758,7 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
          return NULL;
      }
  
-#ifndef OPENSSL_NO_DEPRECATED
+#if (OPENSSL_VERSION_NUMBER < 0x10100003L && !defined OPENSSL_NO_DEPRECATED)
  
      if (key == NULL) {
          key = RSA_generate_key(512, RSA_F4, NULL, NULL);
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c

index 12da4f2008f3dd2a73b47789bf17c00611b69c0a..6a4108c9fc8022cf7cb98183c03cdd18919f240b 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -718,7 +718,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
          SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
      }
  
-#ifndef LIBRESSL_VERSION_NUMBER
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
      /* a temporary 512-bit RSA key is required for export versions of MSIE */
      SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
  #endif
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c

index 971085c1a860791d90443d37a203018e3151a80e..ff5c141e5fab943df245e1e8a3ae0f44bd38078e 100644 (file)
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -421,7 +421,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
          SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
      }
  
-#ifndef LIBRESSL_VERSION_NUMBER
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
      SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
  #endif
  
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c

index 7abd9e15066f5ca4d0e1738a7101c229567801b6..e12da1b86f1c40ed4faeadc0b9a1d980352136c7 100644 (file)
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -276,7 +276,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
          SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
      }
  
-#ifndef LIBRESSL_VERSION_NUMBER
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
      SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
  #endif
author	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 31 Mar 2016 20:38:34 +0000 (23:38 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 31 Mar 2016 20:38:34 +0000 (23:38 +0300)
src/event/ngx_event_openssl.c		patch \| blob \| history
src/http/modules/ngx_http_ssl_module.c		patch \| blob \| history
src/mail/ngx_mail_ssl_module.c		patch \| blob \| history
src/stream/ngx_stream_ssl_module.c		patch \| blob \| history