From: Bodo Möller Date: Tue, 13 Nov 2001 10:12:25 +0000 (+0000) Subject: Merge from OpenSSL_0_9_6-stable X-Git-Tag: OpenSSL-engine-0_9_6c~33 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=947a85d022b5a3404cdc4ca97d1804e763e5c03c;p=oweals%2Fopenssl.git Merge from OpenSSL_0_9_6-stable --- diff --git a/CHANGES b/CHANGES index d23520355b..cbb520ce47 100644 --- a/CHANGES +++ b/CHANGES @@ -86,7 +86,8 @@ the legal range. [Bodo Moeller] - *) OpenUNIX-8 support (Boyd Lynn Gerber ) + *) Add OpenUNIX-8 support including shared libraries + (Boyd Lynn Gerber ). [Lutz Jaenicke] *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid diff --git a/Configure b/Configure index 43f9b10908..f68febc61f 100755 --- a/Configure +++ b/Configure @@ -377,7 +377,6 @@ my %table=( "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # OpenUNIX 8 -"OpenUNIX","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", "OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", diff --git a/FAQ b/FAQ index 0281b4c4c7..0b6dc3195a 100644 --- a/FAQ +++ b/FAQ @@ -28,6 +28,7 @@ OpenSSL - Frequently Asked Questions * How can I remove the passphrase on a private key? * Why can't I use OpenSSL certificates with SSL client authentication? * Why does my browser give a warning about a mismatched hostname? +* How do I install a CA certificate into a browser? [BUILD] Questions about building and testing OpenSSL @@ -323,6 +324,26 @@ Browsers expect the server's hostname to match the value in the commonName (CN) field of the certificate. If it does not then you get a warning. +* How do I install a CA certificate into a browser? + +The usual way is to send the DER encoded certificate to the browser as +MIME type application/x-x509-ca-cert, for example by clicking on an appropriate +link. On MSIE certain extensions such as .der or .cacert may also work, or you +can import the certificate using the certificate import wizard. + +You can convert a certificate to DER form using the command: + +openssl x509 -in ca.pem -outform DER -out ca.der + +Occasionally someone suggests using a command such as: + +openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem + +DO NOT DO THIS! This command will give away your CAs private key and +reduces its security to zero: allowing anyone to forge certificates in +whatever name they choose. + + [BUILD] ======================================================================= * Why does the linker complain about undefined symbols? diff --git a/TABLE b/TABLE index bf539fdba9..e3293e3409 100644 --- a/TABLE +++ b/TABLE @@ -352,28 +352,6 @@ $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = -*** OpenUNIX -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -$unistd = -$thread_cflag = -Kthread -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_extension = -$ranlib = - *** OpenUNIX-8 $cc = cc $cflags = -O -DFILIO_H -Kalloca