On 15/03/2021 23:53, Thomas Dwyer III wrote:
I'm porting some very old code from 1.0.2 to 3.0 (but it still has to
compile for both) and I'm trying to understand its use of
SSL_CTX_set_tmp_rsa_callback(). It looks like this was removed in 1.1.0
but it's not obvious to me why it was necessary in the first place. My
read of the 1.0.2 man page suggests that the callback is only invoked
for very small key sizes in order to comply with US export restrictions
from decades ago, but I'm having trouble confirming this via code
inspection. Is my understanding correct and, given that this code will
never see RSA keys smaller than 2048 bits, I can just delete the
callback rather than add a bunch of:
#if OPENSSL_VERSION_NUMBER < 0x10100000L
...
#endif
Or is there some fundamental difference between the way key exchange
works in 1.0.2 compared to later versions that makes the callback in
1.0.2 still necessary?
You are correct. Just delete the code.
Matt
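As an added example (not code from this thread, and not OpenSSL's own), here is a small C decoder for the OPENSSL_VERSION_NUMBER constant that the `#if` guard in the question compares against. It shows that 0x10100000L is the development version of 1.1.0, the release in which SSL_CTX_set_tmp_rsa_callback() disappeared, and it needs no OpenSSL headers. The layouts assumed are the documented MNNFFPPS form used by 1.0.x/1.1.x and the (major<<28)|(minor<<20)|(patch<<4)|status form used by 3.x; the function names and the sample constants are mine.

```c
#include <stdio.h>
#include <string.h>

/* Fields of OPENSSL_VERSION_NUMBER as laid out by OpenSSL 1.x (MNNFFPPS):
 * M = major nibble, NN = minor byte, FF = fix byte, PP = patch byte,
 * S = status nibble (0 = dev, 1..14 = beta, 15 = release).
 * OpenSSL 3.x builds the same macro as (major<<28)|(minor<<20)|(patch<<4)|status,
 * so for 3.x "fix" is always 0 and "patch" carries the patch level. */
struct ossl_ver {
    unsigned major, minor, fix, patch, status;
};

struct ossl_ver decode_openssl_version(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (unsigned)((v >> 28) & 0xf);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >> 4)  & 0xff);
    r.status = (unsigned)(v & 0xf);
    return r;
}

/* Render the constant the way the version string reads: 1.0.2u, 1.1.0-dev, 3.0.7. */
int format_openssl_version(unsigned long v, char *buf, size_t n)
{
    struct ossl_ver r = decode_openssl_version(v);
    const char *suffix = (r.status == 0xf) ? "" : (r.status == 0 ? "-dev" : "-beta");

    if (r.major >= 3)
        return snprintf(buf, n, "%u.%u.%u%s", r.major, r.minor, r.patch, suffix);

    /* 1.x patch levels are letters: 1 = 'a', 2 = 'b', ... */
    if (r.patch > 0 && r.patch <= 26)
        return snprintf(buf, n, "%u.%u.%u%c%s", r.major, r.minor, r.fix,
                        (char)('a' + r.patch - 1), suffix);

    return snprintf(buf, n, "%u.%u.%u%s", r.major, r.minor, r.fix, suffix);
}

/* Convenience predicate used by the checks below: does v render as `expected`? */
int version_string_is(unsigned long v, const char *expected)
{
    char buf[32];
    format_openssl_version(v, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

/* The guard from the question: SSL_CTX_set_tmp_rsa_callback() exists only before 1.1.0. */
int has_tmp_rsa_callback(unsigned long v)
{
    return v < 0x10100000UL;
}

int main(void)
{
    /* Constructed sample constants; these are the documented encodings, not read from a header. */
    const unsigned long samples[] = { 0x1000215fUL, 0x10100000UL, 0x1010000fUL,
                                      0x101010bfUL, 0x3000000fUL, 0x3000007fUL };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_openssl_version(samples[i], buf, sizeof buf);
        printf("0x%08lx -> %-10s tmp_rsa_callback: %s\n", samples[i], buf,
               has_tmp_rsa_callback(samples[i]) ? "present" : "removed");
    }
    return 0;
}
```

Compiled against a real OpenSSL you would pass `OPENSSL_VERSION_NUMBER` itself instead of the sample constants; the point of the guard threshold is visible either way: anything at or above 0x10100000L has no tmp-RSA callback, so a code base that only targets 1.0.2 and 3.0 and never sees keys under 2048 bits has nothing to keep.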