From d..@apache.org
Subject svn commit: r1023521 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_init.c ssl_toolkit_compat.h
Date Sun, 17 Oct 2010 16:30:13 GMT
Author: drh
Date: Sun Oct 17 16:30:13 2010
New Revision: 1023521

URL: http://svn.apache.org/viewvc?rev=1023521&view=rev
Log:
Avoid use of deprecated RSA_generate_key() function.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1023521&r1=1023520&r2=1023521&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Oct 17 16:30:13 2010
@@ -90,7 +90,25 @@ static int ssl_tmp_key_init_rsa(server_r
     }
 
 #endif
-
+#ifdef HAVE_GENERATE_EX
+    {
+        RSA *tkey;
+        BIGNUM *bn_f4;
+        if (!(tkey == RSA_new())
+          || !(bn_f4 == BN_new())
+          || !BN_set_word(bn_f4, RSA_F4)
+          || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL))
+        {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                         "Init: Failed to generate temporary "
+                         "%d bit RSA private key", bits);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+            return !OK;
+        }
+        BN_free(bn_f4);
+        mc->pTmpKeys[idx] = tkey;
+    }
+#else
     if (!(mc->pTmpKeys[idx] =
           RSA_generate_key(bits, RSA_F4, NULL, NULL)))
     {
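Review bot: The first two conditions of the added `if` use `==` where assignment is intended: `!(tkey == RSA_new())` and `!(bn_f4 == BN_new())` compare the uninitialised locals against the fresh allocations. The pointers are therefore never stored, the allocations leak, and reading the uninitialised values is undefined behaviour; in practice the branch would be expected to log the failure and return `!OK` on every HAVE_GENERATE_EX build. Once the assignments are fixed, the error path still returns without releasing `tkey` or `bn_f4`, so both should start as NULL and be freed before `return !OK`. The body of ssl_tmp_key_init_rsa starts and ends outside this hunk.

```c
        RSA *tkey = NULL;
        BIGNUM *bn_f4 = NULL;
        if (!(tkey = RSA_new())
          || !(bn_f4 = BN_new())
          /* … unchanged: BN_set_word and RSA_generate_key_ex checks … */
        {
            /* … unchanged: ap_log_error and ssl_log_ssl_error calls … */
            RSA_free(tkey);
            BN_free(bn_f4);
            return !OK;
        }
```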
@@ -100,6 +118,7 @@ static int ssl_tmp_key_init_rsa(server_r
         ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         return !OK;
     }
+#endif
 
     return OK;
 }

Modified: httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h?rev=1023521&r1=1023520&r2=1023521&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Sun Oct 17 16:30:13 2010
@@ -48,6 +48,10 @@
 #include <openssl/ocsp.h>
 #endif
 
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
+#define HAVE_GENERATE_EX
+#endif
+
 /* ECC support came along in OpenSSL 1.0.0 */
 #if (OPENSSL_VERSION_NUMBER < 0x10000000)
 #define OPENSSL_NO_EC
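Review bot: The new `HAVE_GENERATE_EX` guard has no comment saying which API it gates, unlike the ECC block directly below it, and the macro name does not mention RSA. A one-line comment such as `/* RSA_generate_key_ex() is available from OpenSSL 0.9.8 */` above the `#if` would record why 0x00908000 was chosen. A more specific name, for example `HAVE_RSA_GENERATE_KEY_EX`, would also reduce the chance of the macro being reused for an unrelated `*_generate_*_ex` function in this shared compat header.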


