X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=FAQ;h=2579d51cbad8d8ab5339f6ac1e26dfd838fe3c65;hb=2b8dc08b74fc3c6d4c2fc855cc23bac691d985be;hp=3e23e23de86647b11631e4b36f09d15b6b38df2e;hpb=f1112985e847286033ac573e70bdee752d26f46f;p=oweals%2Fopenssl.git diff --git a/FAQ b/FAQ index 3e23e23de8..2579d51cba 100644 --- a/FAQ +++ b/FAQ @@ -133,7 +133,7 @@ OpenSSL. Information on the OpenSSL mailing lists is available from * Where can I get a compiled version of OpenSSL? You can finder pointers to binary distributions in - . + . Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL @@ -412,7 +412,7 @@ whatever name they choose. The ways to print out the oneline format of the DN (Distinguished Name) have been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() interface, the "-nameopt" option could be introduded. See the manual -page of the "openssl x509" commandline tool for details. The old behaviour +page of the "openssl x509" command line tool for details. The old behaviour has however been left as default for the sake of compatibility. * What is a "128 bit certificate"? Can I create one with OpenSSL? @@ -434,7 +434,7 @@ software from the US only weak encryption algorithms could be freely exported inadequate. A relaxation of the rules allowed the use of strong encryption but only to an authorised server. -Two slighly different techniques were developed to support this, one used by +Two slightly different techniques were developed to support this, one used by Netscape was called "step up", the other used by MSIE was called "Server Gated Cryptography" (SGC). When a browser initially connected to a server it would check to see if the certificate contained certain extensions and was issued by @@ -723,16 +723,15 @@ possible alternative might be to switch to GCC. * Test suite still fails, what to do? -Another common reason for failure to complete some particular test is -simply bad code generated by a buggy component in toolchain or deficiency -in run-time environment. There are few cases documented in PROBLEMS file, -consult it for possible workaround before you beat the drum. Even if you -don't find solution or even mention there, do reserve for possibility of -a compiler bug. Compiler bugs might appear in rather bizarre ways, they -never make sense, and tend to emerge when you least expect them. In order -to identify one, drop optimization level, e.g. by editing CFLAG line in -top-level Makefile, recompile and re-run the test. - +Another common reason for test failures is bugs in the toolchain +or run-time environment. Known cases of this are documented in the +PROBLEMS file, please review it before you beat the drum. Even if you +don't find anything in that file, please do consider the possibility +of a compiler bug. Compiler bugs often appear in rather bizarre ways, +they never make sense, and tend to emerge when you least expect +them. One thing to try is to reduce the level of optimization (such +as by editing the CFLAG variable line in the top-level Makefile), +and then recompile and re-run the test. * I think I've found a bug, what should I do? @@ -790,18 +789,15 @@ considered to be security issues. * Is OpenSSL thread-safe? -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() -and friends. This is described in the threads(3) manpage. +Provided an application sets up the thread callback functions, the +answer is yes. There are limitations; for example, an SSL connection +cannot be used concurrently by multiple threads. This is true for +most OpenSSL objects. + +To do this, your application must call CRYPTO_set_locking_callback() +and one of the CRYPTO_THREADID_set...() API's. See the OpenSSL threads +manpage for details and "note on multi-threading" in the INSTALL file in +the source distribution. * I've compiled a program under Windows and it crashes: why?