X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=FAQ;h=1a66b18359d0dfe98f9f79bf36c3f2ec492d0078;hb=4bb89bca9e3079ac80e98e4d6a9fce30964a14b4;hp=fda3323f250e478c10d1af1de842a78c14b120ed;hpb=65613f23bafeb26145b86b2649d0f554411bb052;p=oweals%2Fopenssl.git diff --git a/FAQ b/FAQ index fda3323f25..1a66b18359 100644 --- a/FAQ +++ b/FAQ @@ -32,6 +32,7 @@ OpenSSL - Frequently Asked Questions * How do I install a CA certificate into a browser? * Why is OpenSSL x509 DN output not conformant to RFC2253? * What is a "128 bit certificate"? Can I create one with OpenSSL? +* Why does OpenSSL set the authority key identifier extension incorrectly? [BUILD] Questions about building and testing OpenSSL @@ -66,6 +67,7 @@ OpenSSL - Frequently Asked Questions * Why doesn't my server application receive a client certificate? * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? * I think I've detected a memory leak, is this a bug? +* Why doesn't a memory BIO work when a file does? =============================================================================== @@ -74,7 +76,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8a was released on October 11th, 2005. +OpenSSL 0.9.8e was released on February 23rd, 2007. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at B->C so that A signs B and B signs C. Suppose +certificate C contains AKID. + +The purpose of this extension is to identify the authority certificate B. This +can be done either by including the subject key identifier of B or its issuer +name and serial number. + +In this latter case because it is identifying certifcate B it must contain the +issuer name and serial number of B. + +It is often wrongly assumed that it should contain the subject name of B. If it +did this would be redundant information because it would duplicate the issuer +name of C. + + [BUILD] ======================================================================= * Why does the linker complain about undefined symbols? @@ -679,8 +700,11 @@ libraries. If your platform is not one of these, consult the INSTALL file. Multi-threaded applications must provide two callback functions to -OpenSSL. This is described in the threads(3) manpage. - +OpenSSL by calling CRYPTO_set_locking_callback() and +CRYPTO_set_id_callback(). (For OpenSSL 0.9.9 or later, the new +function CRYPTO_set_idptr_callback() may be used in place of +CRYPTO_set_id_callback().) This is described in the threads(3) +manpage. * I've compiled a program under Windows and it crashes: why? @@ -893,5 +917,26 @@ thread-safe): ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). +* Why doesn't a memory BIO work when a file does? + +This can occur in several cases for example reading an S/MIME email message. +The reason is that a memory BIO can do one of two things when all the data +has been read from it. + +The default behaviour is to indicate that no more data is available and that +the call should be retried, this is to allow the application to fill up the BIO +again if necessary. + +Alternatively it can indicate that no more data is available and that EOF has +been reached. + +If a memory BIO is to behave in the same way as a file this second behaviour +is needed. This must be done by calling: + + BIO_set_mem_eof_return(bio, 0); + +See the manual pages for more details. + + ===============================================================================