X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=FAQ;h=1b14ffe9a46501ff336d40de3af17135b3780a80;hb=736a77f27584c52000f87b7135f613b2fdbe5669;hp=09f700cc3a13657d0f26d21501bfa284a58b1ed6;hpb=0d01d8a7359e311b461cd1b964ce90d0699c2a2f;p=oweals%2Fopenssl.git diff --git a/FAQ b/FAQ index 09f700cc3a..1b14ffe9a4 100644 --- a/FAQ +++ b/FAQ @@ -32,6 +32,7 @@ OpenSSL - Frequently Asked Questions * How do I install a CA certificate into a browser? * Why is OpenSSL x509 DN output not conformant to RFC2253? * What is a "128 bit certificate"? Can I create one with OpenSSL? +* Why does OpenSSL set the authority key identifier extension incorrectly? * How can I set up a bundle of commercial root CA certificates? [BUILD] Questions about building and testing OpenSSL @@ -68,6 +69,7 @@ OpenSSL - Frequently Asked Questions * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? * I think I've detected a memory leak, is this a bug? * Why does Valgrind complain about the use of uninitialized data? +* Why doesn't a memory BIO work when a file does? =============================================================================== @@ -76,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8h was released on May 28th, 2008. +OpenSSL 0.9.8i was released on Sep 15th, 2008. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at B->C so that A signs B and B signs C. Suppose +certificate C contains AKID. + +The purpose of this extension is to identify the authority certificate B. This +can be done either by including the subject key identifier of B or its issuer +name and serial number. + +In this latter case because it is identifying certifcate B it must contain the +issuer name and serial number of B. + +It is often wrongly assumed that it should contain the subject name of B. If it +did this would be redundant information because it would duplicate the issuer +name of C. + + * How can I set up a bundle of commercial root CA certificates? The OpenSSL software is shipped without any root CA certificate as the @@ -920,5 +941,25 @@ OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings. -=============================================================================== +* Why doesn't a memory BIO work when a file does? +This can occur in several cases for example reading an S/MIME email message. +The reason is that a memory BIO can do one of two things when all the data +has been read from it. + +The default behaviour is to indicate that no more data is available and that +the call should be retried, this is to allow the application to fill up the BIO +again if necessary. + +Alternatively it can indicate that no more data is available and that EOF has +been reached. + +If a memory BIO is to behave in the same way as a file this second behaviour +is needed. This must be done by calling: + + BIO_set_mem_eof_return(bio, 0); + +See the manual pages for more details. + + +===============================================================================