| FAQ (100928) | FAQ (100936) |
|---|---|
| 1OpenSSL - Frequently Asked Questions 2-------------------------------------- 3 4[MISC] Miscellaneous questions 5 6* Which is the current version of OpenSSL? 7* Where is the documentation? 8* How can I contact the OpenSSL developers? --- 24 unchanged lines hidden (view full) --- 33[BUILD] Questions about building and testing OpenSSL 34 35* Why does the linker complain about undefined symbols? 36* Why does the OpenSSL test fail with "bc: command not found"? 37* Why does the OpenSSL test fail with "bc: 1 no implemented"? 38* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? 39* Why does the OpenSSL compilation fail with "ar: command not found"? 40* Why does the OpenSSL compilation fail on Win32 with VC++? | 1OpenSSL - Frequently Asked Questions 2-------------------------------------- 3 4[MISC] Miscellaneous questions 5 6* Which is the current version of OpenSSL? 7* Where is the documentation? 8* How can I contact the OpenSSL developers? --- 24 unchanged lines hidden (view full) --- 33[BUILD] Questions about building and testing OpenSSL 34 35* Why does the linker complain about undefined symbols? 36* Why does the OpenSSL test fail with "bc: command not found"? 37* Why does the OpenSSL test fail with "bc: 1 no implemented"? 38* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? 39* Why does the OpenSSL compilation fail with "ar: command not found"? 40* Why does the OpenSSL compilation fail on Win32 with VC++? |
| 41* What is special about OpenSSL on Redhat? 42* Why does the OpenSSL test suite fail on MacOS X? |
|
| 41 42[PROG] Questions about programming with OpenSSL 43 44* Is OpenSSL thread-safe? 45* I've compiled a program under Windows and it crashes: why? 46* How do I read or write a DER encoded buffer using the ASN1 functions? 47* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? 48* I've called <some function> and it fails, why? --- 5 unchanged lines hidden (view full) --- 54 55=============================================================================== 56 57[MISC] ======================================================================== 58 59* Which is the current version of OpenSSL? 60 61The current version is available from <URL: http://www.openssl.org>. | 43 44[PROG] Questions about programming with OpenSSL 45 46* Is OpenSSL thread-safe? 47* I've compiled a program under Windows and it crashes: why? 48* How do I read or write a DER encoded buffer using the ASN1 functions? 49* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? 50* I've called <some function> and it fails, why? --- 5 unchanged lines hidden (view full) --- 56 57=============================================================================== 58 59[MISC] ======================================================================== 60 61* Which is the current version of OpenSSL? 62 63The current version is available from <URL: http://www.openssl.org>. |
| 62OpenSSL 0.9.6d was released on 9 May, 2002. | 64OpenSSL 0.9.6e was released on 30 May, 2002. |
| 63 64In addition to the current stable release, you can also access daily 65snapshots of the OpenSSL development version at <URL: 66ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. 67 68 69* Where is the documentation? 70 --- 139 unchanged lines hidden (view full) --- 210OpenSSL command line tools. Applications using the OpenSSL library 211provide their own configuration options to specify the entropy source, 212please check out the documentation coming the with application. 213 214For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested 215installing the SUNski package from Sun patch 105710-01 (Sparc) which 216adds a /dev/random device and make sure it gets used, usually through 217$RANDFILE. There are probably similar patches for the other Solaris | 65 66In addition to the current stable release, you can also access daily 67snapshots of the OpenSSL development version at <URL: 68ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. 69 70 71* Where is the documentation? 72 --- 139 unchanged lines hidden (view full) --- 212OpenSSL command line tools. Applications using the OpenSSL library 213provide their own configuration options to specify the entropy source, 214please check out the documentation coming the with application. 215 216For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested 217installing the SUNski package from Sun patch 105710-01 (Sparc) which 218adds a /dev/random device and make sure it gets used, usually through 219$RANDFILE. There are probably similar patches for the other Solaris |
| 218versions. However, be warned that /dev/random is usually a blocking 219device, which may have some effects on OpenSSL. | 220versions. An official statement from Sun with respect to /dev/random 221support can be found at 222 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski 223However, be warned that /dev/random is usually a blocking device, which 224may have some effects on OpenSSL. |
| 220 221 222* Why do I get an "unable to write 'random state'" error message? 223 224 225Sometimes the openssl command line utility does not abort with 226a "PRNG not seeded" error message, but complains that it is 227"unable to write 'random state'". This message refers to the --- 218 unchanged lines hidden (view full) --- 446can't find standard include files like stdio.h and other weirdnesses. 447One possible cause is that the environment isn't correctly set up. 448To solve that problem, one should run VCVARS32.BAT which is found in 449the 'bin' subdirectory of the VC++ installation directory (somewhere 450under 'Program Files'). This needs to be done prior to running NMAKE, 451and the changes are only valid for the current DOS session. 452 453 | 225 226 227* Why do I get an "unable to write 'random state'" error message? 228 229 230Sometimes the openssl command line utility does not abort with 231a "PRNG not seeded" error message, but complains that it is 232"unable to write 'random state'". This message refers to the --- 218 unchanged lines hidden (view full) --- 451can't find standard include files like stdio.h and other weirdnesses. 452One possible cause is that the environment isn't correctly set up. 453To solve that problem, one should run VCVARS32.BAT which is found in 454the 'bin' subdirectory of the VC++ installation directory (somewhere 455under 'Program Files'). This needs to be done prior to running NMAKE, 456and the changes are only valid for the current DOS session. 457 458 |
| 459* What is special about OpenSSL on Redhat? 460 461Red Hat Linux (release 7.0 and later) include a preinstalled limited 462version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 463is disabled in this version. The same may apply to other Linux distributions. 464Users may therefore wish to install more or all of the features left out. 465 466To do this you MUST ensure that you do not overwrite the openssl that is in 467/usr/bin on your Red Hat machine. Several packages depend on this file, 468including sendmail and ssh. /usr/local/bin is a good alternative choice. The 469libraries that come with Red Hat 7.0 onwards have different names and so are 470not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and 471/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and 472/lib/libcrypto.so.2 respectively). 473 474Please note that we have been advised by Red Hat attempting to recompile the 475openssl rpm with all the cryptography enabled will not work. All other 476packages depend on the original Red Hat supplied openssl package. It is also 477worth noting that due to the way Red Hat supplies its packages, updates to 478openssl on each distribution never change the package version, only the 479build number. For example, on Red Hat 7.1, the latest openssl package has 480version number 0.9.6 and build number 9 even though it contains all the 481relevant updates in packages up to and including 0.9.6b. 482 483A possible way around this is to persuade Red Hat to produce a non-US 484version of Red Hat Linux. 485 486FYI: Patent numbers and expiry dates of US patents: 487MDC-2: 4,908,861 13/03/2007 488IDEA: 5,214,703 25/05/2010 489RC5: 5,724,428 03/03/2015 490 491 492* Why does the OpenSSL test suite fail on MacOS X? 493 494If the failure happens when running 'make test' and the RC4 test fails, 495it's very probable that you have OpenSSL 0.9.6b delivered with the 496operating system (you can find out by running '/usr/bin/openssl version') 497and that you were trying to build OpenSSL 0.9.6d. The problem is that 498the loader ('ld') in MacOS X has a misfeature that's quite difficult to 499go around and has linked the programs "openssl" and the test programs 500with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the 501libraries you just built. 502Look in the file PROBLEMS for a more detailed explanation and for possible 503solutions. 504 |
|
| 454[PROG] ======================================================================== 455 456* Is OpenSSL thread-safe? 457 458Yes (with limitations: an SSL connection may not concurrently be used 459by multiple threads). On Windows and many Unix systems, OpenSSL 460automatically uses the multi-threaded versions of the standard 461libraries. If your platform is not one of these, consult the INSTALL --- 159 unchanged lines hidden --- | 505[PROG] ======================================================================== 506 507* Is OpenSSL thread-safe? 508 509Yes (with limitations: an SSL connection may not concurrently be used 510by multiple threads). On Windows and many Unix systems, OpenSSL 511automatically uses the multi-threaded versions of the standard 512libraries. If your platform is not one of these, consult the INSTALL --- 159 unchanged lines hidden --- |