
Commit 8494012

committed
examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA
Replace API calls that are deprecated by OpenSSL 3 and missing from OpenSSL 3 no-deprecated builds, which fixes builds with the latter: `PEM_read_bio_RSAPrivateKey()`, `RSA_free()`, `SSL_CTX_use_RSAPrivateKey()`.

Also: rename the callback to match its `cacertinmem.c` sibling.

Fixes #20595
Closes #20596
1 parent d445f2d commit 8494012


1 file changed

+16
-34
lines changed


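--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@@ -22,7 +22,7 @@
 *
 ***************************************************************************/
 /* <DESC>
-* Use an in-memory user certificate and RSA key and retrieve an HTTPS page.
+* Use in-memory user certificate and private key and retrieve an HTTPS page.
 * </DESC>
 */
 /* Written by Ishan SinghLevett, based on Theo Borm's cacertinmem.c.
@@ -33,10 +33,6 @@
 
 /* Requires: USE_OPENSSL */
 
-#ifndef OPENSSL_SUPPRESS_DEPRECATED
-#define OPENSSL_SUPPRESS_DEPRECATED
-#endif
-
 #include <openssl/ssl.h>
 
 #include <stdio.h>
@@ -47,7 +43,7 @@
 #pragma GCC diagnostic ignored "-Woverlength-strings"
 #endif
 
-static size_t writefunction(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *stream)
 {
 fwrite(ptr, size, nmemb, (FILE *)stream);
 return nmemb * size;
@@ -58,7 +54,7 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *pointer)
 X509 *cert = NULL;
 BIO *bio = NULL;
 BIO *kbio = NULL;
-RSA *rsa = NULL;
+EVP_PKEY *pkey;
 int ret;
 
 const char *mypem =
@@ -74,26 +70,13 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *pointer)
 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
 "-----END CERTIFICATE-----\n";
 
-/* replace the XXX with the actual RSA key */
+/* replace the XXX with the actual private key */
 const char *mykey =
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
+"-----BEGIN PRIVATE KEY-----\n"
 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"
-"-----END RSA PRIVATE KEY-----\n";
+"-----END PRIVATE KEY-----\n";
 
 (void)curl;
 (void)pointer;
@@ -119,20 +102,19 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *pointer)
 printf("Use certificate failed\n");
 }
 
-/* create a bio for the RSA key */
+/* create a bio for the private key */
 kbio = BIO_new_mem_buf(mykey, -1);
 if(!kbio) {
 printf("BIO_new_mem_buf failed\n");
 }
 
-/* read the key bio into an RSA object */
-rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL);
-if(!rsa) {
-printf("Failed to create key bio\n");
+pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+if(!pkey) {
+printf("Failed EVP_PKEY_new()\n");
 }
 
-/* tell SSL to use the RSA key from memory */
-ret = SSL_CTX_use_RSAPrivateKey((SSL_CTX *)sslctx, rsa);
+/* tell SSL to use the private key from memory */
+ret = SSL_CTX_use_PrivateKey((SSL_CTX *)sslctx, pkey);
 if(ret != 1) {
 printf("Use Key failed\n");
 }
@@ -144,8 +126,8 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *pointer)
 if(kbio)
 BIO_free(kbio);
 
-if(rsa)
-RSA_free(rsa);
+if(pkey)
+EVP_PKEY_free(pkey);
 
 if(cert)
 X509_free(cert);
@@ -168,9 +150,9 @@ int main(void)
 curl_easy_setopt(curl, CURLOPT_HEADER, 0L);
 curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
 curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
-curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writefunction);
+curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, stdout);
-curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, writefunction);
+curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_cb);
 curl_easy_setopt(curl, CURLOPT_HEADERDATA, stderr);
 curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
 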