Skip to content

Replace QCA with a simple OpenSSL wrapper

Albert Vaca Cintora requested to merge work/remove-qca into master

QCA is not actively developed and has given us many problems through the years. The last one being that it exit()s the app if OpenSSL isn't built with support for the Legacy provider. edit: this got fixed in qca master already.

This MR replaces QCA with a simple wrapper around OpenSSL that does the 2 things we want: generate private keys and generate self-signed certificates. The low level OpenSSL code is behind a simple 2-function interface, which also simplifies the rest of the code where they are used.

This change is backwards compatible: the new code can load keys and certs generated with the old code and vice-verse, since the format is the same.

The only (intentional) difference in behavior is that, while QCA uses the deprecated SHA1 to sign the certificates, we use SHA256.

Edited by Albert Vaca Cintora

Merge request reports

Loading