Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c26
-rw-r--r--src/event/ngx_event_openssl.h2
-rw-r--r--src/http/modules/ngx_http_ssl_module.c4
-rw-r--r--src/mail/ngx_mail_ssl_module.c4
4 files changed, 11 insertions, 25 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 0527c9c30..a12672583 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -371,28 +371,18 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
}
-ngx_int_t
-ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl)
+RSA *
+ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length)
{
- RSA *key;
-
- if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) {
- return NGX_OK;
- }
-
- key = RSA_generate_key(512, RSA_F4, NULL, NULL);
-
- if (key) {
- SSL_CTX_set_tmp_rsa(ssl->ctx, key);
+ static RSA *key;
- RSA_free(key);
-
- return NGX_OK;
+ if (key_length == 512) {
+ if (key == NULL) {
+ key = RSA_generate_key(512, RSA_F4, NULL, NULL);
+ }
}
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "RSA_generate_key(512) failed");
-
- return NGX_ERROR;
+ return key;
}
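Review bot: A failed `RSA_generate_key(512, RSA_F4, NULL, NULL)` is now silent in `ngx_ssl_rsa512_key_callback`: the removed `ngx_ssl_error(NGX_LOG_EMERG, ...)` call has no counterpart, so a NULL return would presumably surface only as a failed handshake with nothing in the log. The `static RSA *key` is created on the first call that asks for 512 bits and is then shared by every later caller for the life of the process. Because `return key;` sits outside the `key_length == 512` test, a request for any other length receives the cached 512-bit key or NULL. A key this short is weak enough that the reuse deserves to be documented at the declaration, for example `/* one export-grade key per process, reused for all connections, never freed */`, together with a log line on the failure path.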
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index a8f9d8757..d564e5d9b 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -99,7 +99,7 @@ ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
-ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl);
+RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length);
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 1860050d3..52c9196ce 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -465,9 +465,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
}
/* a temporary 512-bit RSA key is required for export versions of MSIE */
- if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
- return NGX_CONF_ERROR;
- }
+ SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
return NGX_CONF_ERROR;
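Review bot: The comment above `SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);` still reads as if the key were created at this point, but nothing is generated at configuration time any more and a generation failure can no longer produce `NGX_CONF_ERROR`; it would only appear later, when the callback runs. I would reword it to `/* export ciphers get a temporary 512-bit RSA key, generated on first use by the callback */` and put the same comment on the identical call in the `ngx_mail_ssl_merge_conf` hunk, which has none. The callback is installed unconditionally, so whether export-grade key exchange is actually reachable depends on the configured cipher list, and that is worth stating for operators. Both merge functions start and end outside their hunks.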
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 9dd9dfd15..da91d37ce 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -286,9 +286,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
- if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
- return NGX_CONF_ERROR;
- }
+ SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
return NGX_CONF_ERROR;