From 9a0d894f1000e3d4a6ce1fc91cfe6867fa8fc591 Mon Sep 17 00:00:00 2001
From: Jean Flach <jean-marcel.flach@icinga.com>
Date: Fri, 25 Aug 2017 14:46:35 +0200
Subject: [PATCH] Don't use deprecated RSA_generate_key

fixes #4635
---
 lib/base/tlsutility.cpp | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 57f8d1901..a687cf869 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -336,7 +336,28 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
 
 	InitializeOpenSSL();
 
-	RSA *rsa = RSA_generate_key(4096, RSA_F4, nullptr, nullptr);
+	RSA *rsa = RSA_new();
+	BIGNUM *e = BN_new();
+
+	if (rsa == NULL || e == NULL) {
+		Log(LogCritical, "SSL")
+			<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+		BOOST_THROW_EXCEPTION(openssl_error()
+			<< boost::errinfo_api_function("RSA_generate_key")
+			<< errinfo_openssl_error(ERR_peek_error()));
+	}
+
+	BN_set_word(e, RSA_F4);
+
+	if (RSA_generate_key_ex(rsa, 4096, e, NULL) == NULL) {
+		Log(LogCritical, "SSL")
+			<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+		BOOST_THROW_EXCEPTION(openssl_error()
+			<< boost::errinfo_api_function("RSA_generate_key")
+			<< errinfo_openssl_error(ERR_peek_error()));
+	}
+
+	BN_free(e);
 
 	Log(LogInformation, "base")
 		<< "Writing private key to '" << keyfile << "'.";
-- 
2.40.0