Am 15.12.13 19:34, schrieb Steffan Karger: > Hi, > > Attached a patch that should close issue #197. This patch moves from > using the deprecated RSA_generate_key() to the 'new' > RSA_generate_key_ex() to generate ephemeral RSA keys. This patch does > not change OpenVPN's behaviour. > > One note on the implementation though; the code generates one ephemeral > RSA key that is used during the entire lifetime of an OpenVPN process. > If OpenSSL requests a new (ephemeral) key, it will keep on returning the > same (usually rather small) key. Not the best solution. > > ACK from me. This is code is *very* similar to the actual RSA_generate_key key function which is also a compatbility layer around RSA_generate_key_ex. I used to include a copy of RSA_generate_key in the Android openvpn version since Android's openssl library is build without depracted interfaces.
Arne
