Need Replacement for Deprecated function.
Jeremy Harris
jgh at wizmail.org
Fri Dec 3 19:05:43 UTC 2021
On 02/12/2021 11:07, Matt Caswell wrote:
> EVP_PKEY_get_bits() should be equivalent to DH_bits() (for a DH file). I would definitely double-check that you are not mis-loading something.
OK; this was indeed my fault.
One minor docs item:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set0_tmp_dh_pkey.html
says
"Ownership of the dhpkey value is passed to the SSL_CTX or SSL object as a result of this call, and so the caller should not free it if the function call is succesful."
It's not quite clear what the onwership for a failing call is.
Experiment shows that an EVP_free() after a fail causes a crash,
at least for a "dh key too small" error.
--
Cheers,
Jeremy
More information about the openssl-users
mailing list