On 27/08/2021 08:47, Kumar Mishra, Sanjeev wrote:
Hi All,
I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0.
I am getting compilation errors for deprecated functions and structure
like "EC_KEY_new_by_curve_name()" , "SSL_CTX_set_tmp_ecdh()" and
"EC_KEY"......etc.
The code is like follows --
-------
-------
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
SSL_CTX_set_tmp_ecdh(mrmIcbPtr -> sslServerCtx, ecdh);
.........
.........
The SSL_CTX_set_tmp_ecdh man page says this:
"SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B<ecdh>.
The key is inherited by all B<ssl> objects created from B<ctx>.
This macro is deprecated in favor of L<SSL_CTX_set1_groups(3)>."
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tmp_ecdh.html
So call SSL_CTX_set1_groups() instead:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
Actually, even easier you can call SSL_CTX_set1_groups_list()
(documented on the same man page), which means you can just set the
group via a string:
SSL_CTX_set1_groups_list(mrmIcbPtr -> sslServerCtx, "P-256");
Where "P-256" is the string name associated with NID_X9_62_prime256v1.
Or your final alternative is to not doing anything at all, and simply
remove this code. In 3.0 you can specify multiple groups and they have
sensible defaults that are already set for you (which include X25519 and
P-256).
Matt
