FAQ revision 194206
159191SkrisOpenSSL - Frequently Asked Questions 259191Skris-------------------------------------- 359191Skris 476866Skris[MISC] Miscellaneous questions 576866Skris 659191Skris* Which is the current version of OpenSSL? 759191Skris* Where is the documentation? 859191Skris* How can I contact the OpenSSL developers? 976866Skris* Where can I get a compiled version of OpenSSL? 1076866Skris* Why aren't tools like 'autoconf' and 'libtool' used? 1189837Skris* What is an 'engine' version? 12109998Smarkm* How do I check the authenticity of the OpenSSL distribution? 1376866Skris 1476866Skris[LEGAL] Legal questions 1576866Skris 1659191Skris* Do I need patent licenses to use OpenSSL? 1776866Skris* Can I use OpenSSL with GPL software? 1876866Skris 1976866Skris[USER] Questions on using the OpenSSL applications 2076866Skris 2159191Skris* Why do I get a "PRNG not seeded" error message? 2279998Skris* Why do I get an "unable to write 'random state'" error message? 2359191Skris* How do I create certificates or certificate requests? 2459191Skris* Why can't I create certificate requests? 2559191Skris* Why does <SSL program> fail with a certificate verify error? 2668651Skris* Why can I only use weak ciphers when I connect to a server using OpenSSL? 2759191Skris* How can I create DSA certificates? 2859191Skris* Why can't I make an SSL connection using a DSA certificate? 2968651Skris* How can I remove the passphrase on a private key? 3076866Skris* Why can't I use OpenSSL certificates with SSL client authentication? 3176866Skris* Why does my browser give a warning about a mismatched hostname? 3289837Skris* How do I install a CA certificate into a browser? 33109998Smarkm* Why is OpenSSL x509 DN output not conformant to RFC2253? 34160814Ssimon* What is a "128 bit certificate"? Can I create one with OpenSSL? 35194206Ssimon* Why does OpenSSL set the authority key identifier extension incorrectly? 36194206Ssimon* How can I set up a bundle of commercial root CA certificates? 3776866Skris 3876866Skris[BUILD] Questions about building and testing OpenSSL 3976866Skris 4076866Skris* Why does the linker complain about undefined symbols? 4168651Skris* Why does the OpenSSL test fail with "bc: command not found"? 4268651Skris* Why does the OpenSSL test fail with "bc: 1 no implemented"? 43109998Smarkm* Why does the OpenSSL test fail with "bc: stack empty"? 4489837Skris* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? 4568651Skris* Why does the OpenSSL compilation fail with "ar: command not found"? 4676866Skris* Why does the OpenSSL compilation fail on Win32 with VC++? 47100936Snectar* What is special about OpenSSL on Redhat? 48109998Smarkm* Why does the OpenSSL compilation fail on MacOS X? 49100936Snectar* Why does the OpenSSL test suite fail on MacOS X? 50109998Smarkm* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? 51109998Smarkm* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? 52160814Ssimon* Why does the OpenSSL test suite fail in sha512t on x86 CPU? 53160814Ssimon* Why does compiler fail to compile sha512.c? 54160814Ssimon* Test suite still fails, what to do? 5559191Skris 5676866Skris[PROG] Questions about programming with OpenSSL 5759191Skris 5876866Skris* Is OpenSSL thread-safe? 5976866Skris* I've compiled a program under Windows and it crashes: why? 6076866Skris* How do I read or write a DER encoded buffer using the ASN1 functions? 61142425Snectar* OpenSSL uses DER but I need BER format: does OpenSSL support BER? 6276866Skris* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? 6376866Skris* I've called <some function> and it fails, why? 6476866Skris* I just get a load of numbers for the error output, what do they mean? 6576866Skris* Why do I get errors about unknown algorithms? 6676866Skris* Why can't the OpenSSH configure script detect OpenSSL? 6776866Skris* Can I use OpenSSL's SSL library with non-blocking I/O? 6879998Skris* Why doesn't my server application receive a client certificate? 69109998Smarkm* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? 70142425Snectar* I think I've detected a memory leak, is this a bug? 71194206Ssimon* Why does Valgrind complain about the use of uninitialized data? 72194206Ssimon* Why doesn't a memory BIO work when a file does? 7376866Skris 7476866Skris=============================================================================== 7576866Skris 7676866Skris[MISC] ======================================================================== 7776866Skris 7859191Skris* Which is the current version of OpenSSL? 7959191Skris 8059191SkrisThe current version is available from <URL: http://www.openssl.org>. 81194206SsimonOpenSSL 0.9.8k was released on Mar 25th, 2009. 8259191Skris 8359191SkrisIn addition to the current stable release, you can also access daily 8459191Skrissnapshots of the OpenSSL development version at <URL: 8559191Skrisftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. 8659191Skris 8759191Skris 8859191Skris* Where is the documentation? 8959191Skris 9059191SkrisOpenSSL is a library that provides cryptographic functionality to 9159191Skrisapplications such as secure web servers. Be sure to read the 9259191Skrisdocumentation of the application you want to use. The INSTALL file 9359191Skrisexplains how to install this library. 9459191Skris 9559191SkrisOpenSSL includes a command line utility that can be used to perform a 9659191Skrisvariety of cryptographic functions. It is described in the openssl(1) 9759191Skrismanpage. Documentation for developers is currently being written. A 9859191Skrisfew manual pages already are available; overviews over libcrypto and 9959191Skrislibssl are given in the crypto(3) and ssl(3) manpages. 10059191Skris 10159191SkrisThe OpenSSL manpages are installed in /usr/local/ssl/man/ (or a 10259191Skrisdifferent directory if you specified one as described in INSTALL). 10359191SkrisIn addition, you can read the most current versions at 10459191Skris<URL: http://www.openssl.org/docs/>. 10559191Skris 10659191SkrisFor information on parts of libcrypto that are not yet documented, you 10759191Skrismight want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's 10859191Skrispredecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much 10959191Skrisof this still applies to OpenSSL. 11059191Skris 11159191SkrisThere is some documentation about certificate extensions and PKCS#12 11259191Skrisin doc/openssl.txt 11359191Skris 11459191SkrisThe original SSLeay documentation is included in OpenSSL as 11559191Skrisdoc/ssleay.txt. It may be useful when none of the other resources 11659191Skrishelp, but please note that it reflects the obsolete version SSLeay 11759191Skris0.6.6. 11859191Skris 11959191Skris 12059191Skris* How can I contact the OpenSSL developers? 12159191Skris 12259191SkrisThe README file describes how to submit bug reports and patches to 12359191SkrisOpenSSL. Information on the OpenSSL mailing lists is available from 12459191Skris<URL: http://www.openssl.org>. 12559191Skris 12659191Skris 12776866Skris* Where can I get a compiled version of OpenSSL? 12876866Skris 129127128SnectarYou can finder pointers to binary distributions in 130127128Snectarhttp://www.openssl.org/related/binaries.html . 131127128Snectar 13276866SkrisSome applications that use OpenSSL are distributed in binary form. 13376866SkrisWhen using such an application, you don't need to install OpenSSL 13476866Skrisyourself; the application will include the required parts (e.g. DLLs). 13576866Skris 136127128SnectarIf you want to build OpenSSL on a Windows system and you don't have 13776866Skrisa C compiler, read the "Mingw32" section of INSTALL.W32 for information 13876866Skrison how to obtain and install the free GNU C compiler. 13976866Skris 14076866SkrisA number of Linux and *BSD distributions include OpenSSL. 14176866Skris 14276866Skris 14376866Skris* Why aren't tools like 'autoconf' and 'libtool' used? 14476866Skris 14576866Skrisautoconf will probably be used in future OpenSSL versions. If it was 14676866Skrisless Unix-centric, it might have been used much earlier. 14776866Skris 14889837Skris* What is an 'engine' version? 14976866Skris 15089837SkrisWith version 0.9.6 OpenSSL was extended to interface to external crypto 15189837Skrishardware. This was realized in a special release '0.9.6-engine'. With 152160814Ssimonversion 0.9.7 the changes were merged into the main development line, 153160814Ssimonso that the special release is no longer necessary. 15489837Skris 155109998Smarkm* How do I check the authenticity of the OpenSSL distribution? 156109998Smarkm 157109998SmarkmWe provide MD5 digests and ASC signatures of each tarball. 158109998SmarkmUse MD5 to check that a tarball from a mirror site is identical: 159109998Smarkm 160109998Smarkm md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 161109998Smarkm 162109998SmarkmYou can check authenticity using pgp or gpg. You need the OpenSSL team 163160814Ssimonmember public key used to sign it (download it from a key server, see a 164160814Ssimonlist of keys at <URL: http://www.openssl.org/about/>). Then 165109998Smarkmjust do: 166109998Smarkm 167109998Smarkm pgp TARBALL.asc 168109998Smarkm 16976866Skris[LEGAL] ======================================================================= 17076866Skris 17159191Skris* Do I need patent licenses to use OpenSSL? 17259191Skris 17359191SkrisThe patents section of the README file lists patents that may apply to 17459191Skrisyou if you want to use OpenSSL. For information on intellectual 17559191Skrisproperty rights, please consult a lawyer. The OpenSSL team does not 17659191Skrisoffer legal advice. 17759191Skris 178160814SsimonYou can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using 179160814Ssimon ./config no-idea no-mdc2 no-rc5 18059191Skris 18159191Skris 18276866Skris* Can I use OpenSSL with GPL software? 18359191Skris 18476866SkrisOn many systems including the major Linux and BSD distributions, yes (the 18576866SkrisGPL does not place restrictions on using libraries that are part of the 18676866Skrisnormal operating system distribution). 18759191Skris 18876866SkrisOn other systems, the situation is less clear. Some GPL software copyright 18976866Skrisholders claim that you infringe on their rights if you use OpenSSL with 19076866Skristheir software on operating systems that don't normally include OpenSSL. 19159191Skris 19276866SkrisIf you develop open source software that uses OpenSSL, you may find it 19389837Skrisuseful to choose an other license than the GPL, or state explicitly that 19476866Skris"This program is released under the GPL with the additional exemption that 19576866Skriscompiling, linking, and/or using OpenSSL is allowed." If you are using 19676866SkrisGPL software developed by others, you may want to ask the copyright holder 19776866Skrisfor permission to use their software with OpenSSL. 19859191Skris 19976866Skris 20076866Skris[USER] ======================================================================== 20176866Skris 20259191Skris* Why do I get a "PRNG not seeded" error message? 20359191Skris 20459191SkrisCryptographic software needs a source of unpredictable data to work 20559191Skriscorrectly. Many open source operating systems provide a "randomness 206111147Snectardevice" (/dev/urandom or /dev/random) that serves this purpose. 207111147SnectarAll OpenSSL versions try to use /dev/urandom by default; starting with 208111147Snectarversion 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not 209111147Snectaravailable. 21059191Skris 211111147SnectarOn other systems, applications have to call the RAND_add() or 212111147SnectarRAND_seed() function with appropriate data before generating keys or 213111147Snectarperforming public key encryption. (These functions initialize the 214111147Snectarpseudo-random number generator, PRNG.) Some broken applications do 215111147Snectarnot do this. As of version 0.9.5, the OpenSSL functions that need 216111147Snectarrandomness report an error if the random number generator has not been 217111147Snectarseeded with at least 128 bits of randomness. If this error occurs and 218111147Snectaris not discussed in the documentation of the application you are 219111147Snectarusing, please contact the author of that application; it is likely 220111147Snectarthat it never worked correctly. OpenSSL 0.9.5 and later make the 221111147Snectarerror visible by refusing to perform potentially insecure encryption. 22259191Skris 223111147SnectarIf you are using Solaris 8, you can add /dev/urandom and /dev/random 224111147Snectardevices by installing patch 112438 (Sparc) or 112439 (x86), which are 225111147Snectaravailable via the Patchfinder at <URL: http://sunsolve.sun.com> 226111147Snectar(Solaris 9 includes these devices by default). For /dev/random support 227111147Snectarfor earlier Solaris versions, see Sun's statement at 228111147Snectar<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski> 229111147Snectar(the SUNWski package is available in patch 105710). 230111147Snectar 23179998SkrisOn systems without /dev/urandom and /dev/random, it is a good idea to 23279998Skrisuse the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for 23379998Skrisdetails. Starting with version 0.9.7, OpenSSL will automatically look 23479998Skrisfor an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and 23579998Skris/etc/entropy. 23659191Skris 23779998SkrisMost components of the openssl command line utility automatically try 23879998Skristo seed the random number generator from a file. The name of the 23979998Skrisdefault seeding file is determined as follows: If environment variable 24079998SkrisRANDFILE is set, then it names the seeding file. Otherwise if 24179998Skrisenvironment variable HOME is set, then the seeding file is $HOME/.rnd. 24279998SkrisIf neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will 24379998Skrisuse file .rnd in the current directory while OpenSSL 0.9.6a uses no 24479998Skrisdefault seeding file at all. OpenSSL 0.9.6b and later will behave 24589837Skrissimilarly to 0.9.6a, but will use a default of "C:\" for HOME on 24679998SkrisWindows systems if the environment variable has not been set. 24759191Skris 24879998SkrisIf the default seeding file does not exist or is too short, the "PRNG 24979998Skrisnot seeded" error message may occur. 25059191Skris 25179998SkrisThe openssl command line utility will write back a new state to the 25279998Skrisdefault seeding file (and create this file if necessary) unless 25379998Skristhere was no sufficient seeding. 25479998Skris 25579998SkrisPointing $RANDFILE to an Entropy Gathering Daemon socket does not work. 25679998SkrisUse the "-rand" option of the OpenSSL command line tools instead. 25779998SkrisThe $RANDFILE environment variable and $HOME/.rnd are only used by the 25879998SkrisOpenSSL command line tools. Applications using the OpenSSL library 25979998Skrisprovide their own configuration options to specify the entropy source, 26079998Skrisplease check out the documentation coming the with application. 26179998Skris 26259191Skris 26379998Skris* Why do I get an "unable to write 'random state'" error message? 26479998Skris 26579998Skris 26679998SkrisSometimes the openssl command line utility does not abort with 26779998Skrisa "PRNG not seeded" error message, but complains that it is 26879998Skris"unable to write 'random state'". This message refers to the 26979998Skrisdefault seeding file (see previous answer). A possible reason 27079998Skrisis that no default filename is known because neither RANDFILE 27179998Skrisnor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the 27279998Skriscurrent directory in this case, but this has changed with 0.9.6a.) 27379998Skris 27479998Skris 27576866Skris* How do I create certificates or certificate requests? 27676866Skris 27776866SkrisCheck out the CA.pl(1) manual page. This provides a simple wrapper round 27876866Skristhe 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check 27976866Skrisout the manual pages for the individual utilities and the certificate 28076866Skrisextensions documentation (currently in doc/openssl.txt). 28176866Skris 28276866Skris 28376866Skris* Why can't I create certificate requests? 28476866Skris 28576866SkrisYou typically get the error: 28676866Skris 28776866Skris unable to find 'distinguished_name' in config 28876866Skris problems making Certificate Request 28976866Skris 29076866SkrisThis is because it can't find the configuration file. Check out the 29176866SkrisDIAGNOSTICS section of req(1) for more information. 29276866Skris 29376866Skris 29476866Skris* Why does <SSL program> fail with a certificate verify error? 29576866Skris 29676866SkrisThis problem is usually indicated by log messages saying something like 29776866Skris"unable to get local issuer certificate" or "self signed certificate". 29876866SkrisWhen a certificate is verified its root CA must be "trusted" by OpenSSL 29976866Skristhis typically means that the CA certificate must be placed in a directory 30076866Skrisor file and the relevant program configured to read it. The OpenSSL program 30176866Skris'verify' behaves in a similar way and issues similar error messages: check 30276866Skristhe verify(1) program manual page for more information. 30376866Skris 30476866Skris 30576866Skris* Why can I only use weak ciphers when I connect to a server using OpenSSL? 30676866Skris 30776866SkrisThis is almost certainly because you are using an old "export grade" browser 30876866Skriswhich only supports weak encryption. Upgrade your browser to support 128 bit 30976866Skrisciphers. 31076866Skris 31176866Skris 31276866Skris* How can I create DSA certificates? 31376866Skris 31476866SkrisCheck the CA.pl(1) manual page for a DSA certificate example. 31576866Skris 31676866Skris 31776866Skris* Why can't I make an SSL connection to a server using a DSA certificate? 31876866Skris 31976866SkrisTypically you'll see a message saying there are no shared ciphers when 32076866Skristhe same setup works fine with an RSA certificate. There are two possible 32176866Skriscauses. The client may not support connections to DSA servers most web 32276866Skrisbrowsers (including Netscape and MSIE) only support connections to servers 32376866Skrissupporting RSA cipher suites. The other cause is that a set of DH parameters 32476866Skrishas not been supplied to the server. DH parameters can be created with the 32576866Skrisdhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: 32676866Skrischeck the source to s_server in apps/s_server.c for an example. 32776866Skris 32876866Skris 32976866Skris* How can I remove the passphrase on a private key? 33076866Skris 33176866SkrisFirstly you should be really *really* sure you want to do this. Leaving 33276866Skrisa private key unencrypted is a major security risk. If you decide that 33376866Skrisyou do have to do this check the EXAMPLES sections of the rsa(1) and 33476866Skrisdsa(1) manual pages. 33576866Skris 33676866Skris 33776866Skris* Why can't I use OpenSSL certificates with SSL client authentication? 33876866Skris 33976866SkrisWhat will typically happen is that when a server requests authentication 34076866Skrisit will either not include your certificate or tell you that you have 34176866Skrisno client certificates (Netscape) or present you with an empty list box 34276866Skris(MSIE). The reason for this is that when a server requests a client 34376866Skriscertificate it includes a list of CAs names which it will accept. Browsers 34476866Skriswill only let you select certificates from the list on the grounds that 34576866Skristhere is little point presenting a certificate which the server will 34676866Skrisreject. 34776866Skris 34876866SkrisThe solution is to add the relevant CA certificate to your servers "trusted 34989837SkrisCA list". How you do this depends on the server software in uses. You can 35076866Skrisprint out the servers list of acceptable CAs using the OpenSSL s_client tool: 35176866Skris 35276866Skrisopenssl s_client -connect www.some.host:443 -prexit 35376866Skris 35476866SkrisIf your server only requests certificates on certain URLs then you may need 35576866Skristo manually issue an HTTP GET command to get the list when s_client connects: 35676866Skris 35776866SkrisGET /some/page/needing/a/certificate.html 35876866Skris 35976866SkrisIf your CA does not appear in the list then this confirms the problem. 36076866Skris 36176866Skris 36276866Skris* Why does my browser give a warning about a mismatched hostname? 36376866Skris 36476866SkrisBrowsers expect the server's hostname to match the value in the commonName 36576866Skris(CN) field of the certificate. If it does not then you get a warning. 36676866Skris 36776866Skris 36889837Skris* How do I install a CA certificate into a browser? 36989837Skris 37089837SkrisThe usual way is to send the DER encoded certificate to the browser as 37189837SkrisMIME type application/x-x509-ca-cert, for example by clicking on an appropriate 37289837Skrislink. On MSIE certain extensions such as .der or .cacert may also work, or you 37389837Skriscan import the certificate using the certificate import wizard. 37489837Skris 37589837SkrisYou can convert a certificate to DER form using the command: 37689837Skris 37789837Skrisopenssl x509 -in ca.pem -outform DER -out ca.der 37889837Skris 37989837SkrisOccasionally someone suggests using a command such as: 38089837Skris 38189837Skrisopenssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem 38289837Skris 38389837SkrisDO NOT DO THIS! This command will give away your CAs private key and 38489837Skrisreduces its security to zero: allowing anyone to forge certificates in 38589837Skriswhatever name they choose. 38689837Skris 387109998Smarkm* Why is OpenSSL x509 DN output not conformant to RFC2253? 38889837Skris 389109998SmarkmThe ways to print out the oneline format of the DN (Distinguished Name) have 390109998Smarkmbeen extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() 391109998Smarkminterface, the "-nameopt" option could be introduded. See the manual 392109998Smarkmpage of the "openssl x509" commandline tool for details. The old behaviour 393109998Smarkmhas however been left as default for the sake of compatibility. 394109998Smarkm 395160814Ssimon* What is a "128 bit certificate"? Can I create one with OpenSSL? 396160814Ssimon 397160814SsimonThe term "128 bit certificate" is a highly misleading marketing term. It does 398160814Ssimon*not* refer to the size of the public key in the certificate! A certificate 399160814Ssimoncontaining a 128 bit RSA key would have negligible security. 400160814Ssimon 401160814SsimonThere were various other names such as "magic certificates", "SGC 402160814Ssimoncertificates", "step up certificates" etc. 403160814Ssimon 404160814SsimonYou can't generally create such a certificate using OpenSSL but there is no 405160814Ssimonneed to any more. Nowadays web browsers using unrestricted strong encryption 406160814Ssimonare generally available. 407160814Ssimon 408194206SsimonWhen there were tight restrictions on the export of strong encryption 409160814Ssimonsoftware from the US only weak encryption algorithms could be freely exported 410160814Ssimon(initially 40 bit and then 56 bit). It was widely recognised that this was 411194206Ssimoninadequate. A relaxation of the rules allowed the use of strong encryption but 412160814Ssimononly to an authorised server. 413160814Ssimon 414160814SsimonTwo slighly different techniques were developed to support this, one used by 415160814SsimonNetscape was called "step up", the other used by MSIE was called "Server Gated 416160814SsimonCryptography" (SGC). When a browser initially connected to a server it would 417160814Ssimoncheck to see if the certificate contained certain extensions and was issued by 418160814Ssimonan authorised authority. If these test succeeded it would reconnect using 419160814Ssimonstrong encryption. 420160814Ssimon 421160814SsimonOnly certain (initially one) certificate authorities could issue the 422160814Ssimoncertificates and they generally cost more than ordinary certificates. 423160814Ssimon 424160814SsimonAlthough OpenSSL can create certificates containing the appropriate extensions 425160814Ssimonthe certificate would not come from a permitted authority and so would not 426160814Ssimonbe recognized. 427160814Ssimon 428160814SsimonThe export laws were later changed to allow almost unrestricted use of strong 429160814Ssimonencryption so these certificates are now obsolete. 430160814Ssimon 431160814Ssimon 432194206Ssimon* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? 433194206Ssimon 434194206SsimonIt doesn't: this extension is often the cause of confusion. 435194206Ssimon 436194206SsimonConsider a certificate chain A->B->C so that A signs B and B signs C. Suppose 437194206Ssimoncertificate C contains AKID. 438194206Ssimon 439194206SsimonThe purpose of this extension is to identify the authority certificate B. This 440194206Ssimoncan be done either by including the subject key identifier of B or its issuer 441194206Ssimonname and serial number. 442194206Ssimon 443194206SsimonIn this latter case because it is identifying certifcate B it must contain the 444194206Ssimonissuer name and serial number of B. 445194206Ssimon 446194206SsimonIt is often wrongly assumed that it should contain the subject name of B. If it 447194206Ssimondid this would be redundant information because it would duplicate the issuer 448194206Ssimonname of C. 449194206Ssimon 450194206Ssimon 451194206Ssimon* How can I set up a bundle of commercial root CA certificates? 452194206Ssimon 453194206SsimonThe OpenSSL software is shipped without any root CA certificate as the 454194206SsimonOpenSSL project does not have any policy on including or excluding 455194206Ssimonany specific CA and does not intend to set up such a policy. Deciding 456194206Ssimonabout which CAs to support is up to application developers or 457194206Ssimonadministrators. 458194206Ssimon 459194206SsimonOther projects do have other policies so you can for example extract the CA 460194206Ssimonbundle used by Mozilla and/or modssl as described in this article: 461194206Ssimon 462194206Ssimon http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html 463194206Ssimon 464194206Ssimon 46576866Skris[BUILD] ======================================================================= 46676866Skris 46759191Skris* Why does the linker complain about undefined symbols? 46859191Skris 46959191SkrisMaybe the compilation was interrupted, and make doesn't notice that 47059191Skrissomething is missing. Run "make clean; make". 47159191Skris 47259191SkrisIf you used ./Configure instead of ./config, make sure that you 47359191Skrisselected the right target. File formats may differ slightly between 47459191SkrisOS versions (for example sparcv8/sparcv9, or a.out/elf). 47559191Skris 47659191SkrisIn case you get errors about the following symbols, use the config 47759191Skrisoption "no-asm", as described in INSTALL: 47859191Skris 47959191Skris BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, 48059191Skris CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, 48159191Skris RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, 48259191Skris bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, 48359191Skris bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, 48459191Skris des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, 48559191Skris des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order 48659191Skris 48759191SkrisIf none of these helps, you may want to try using the current snapshot. 48859191SkrisIf the problem persists, please submit a bug report. 48959191Skris 49059191Skris 49176866Skris* Why does the OpenSSL test fail with "bc: command not found"? 49259191Skris 49376866SkrisYou didn't install "bc", the Unix calculator. If you want to run the 49476866Skristests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. 49559191Skris 49659191Skris 49776866Skris* Why does the OpenSSL test fail with "bc: 1 no implemented"? 49859191Skris 49976866SkrisOn some SCO installations or versions, bc has a bug that gets triggered 50076866Skriswhen you run the test suite (using "make test"). The message returned is 50176866Skris"bc: 1 not implemented". 50259191Skris 50376866SkrisThe best way to deal with this is to find another implementation of bc 50476866Skrisand compile/install it. GNU bc (see http://www.gnu.org/software/software.html 50576866Skrisfor download instructions) can be safely used, for example. 50676866Skris 50776866Skris 508109998Smarkm* Why does the OpenSSL test fail with "bc: stack empty"? 509109998Smarkm 510109998SmarkmOn some DG/ux versions, bc seems to have a too small stack for calculations 511109998Smarkmthat the OpenSSL bntest throws at it. This gets triggered when you run the 512109998Smarkmtest suite (using "make test"). The message returned is "bc: stack empty". 513109998Smarkm 514109998SmarkmThe best way to deal with this is to find another implementation of bc 515109998Smarkmand compile/install it. GNU bc (see http://www.gnu.org/software/software.html 516109998Smarkmfor download instructions) can be safely used, for example. 517109998Smarkm 518109998Smarkm 51989837Skris* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? 52076866Skris 52189837SkrisOn some Alpha installations running Tru64 Unix and Compaq C, the compilation 52276866Skrisof crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual 52376866Skrismemory to continue compilation.' As far as the tests have shown, this may be 52476866Skrisa compiler bug. What happens is that it eats up a lot of resident memory 52576866Skristo build something, probably a table. The problem is clearly in the 52676866Skrisoptimization code, because if one eliminates optimization completely (-O0), 52776866Skristhe compilation goes through (and the compiler consumes about 2MB of resident 52876866Skrismemory instead of 240MB or whatever one's limit is currently). 52976866Skris 53076866SkrisThere are three options to solve this problem: 53176866Skris 53276866Skris1. set your current data segment size soft limit higher. Experience shows 53376866Skristhat about 241000 kbytes seems to be enough on an AlphaServer DS10. You do 53476866Skristhis with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of 53576866Skriskbytes to set the limit to. 53676866Skris 53776866Skris2. If you have a hard limit that is lower than what you need and you can't 53876866Skrisget it changed, you can compile all of OpenSSL with -O0 as optimization 53976866Skrislevel. This is however not a very nice thing to do for those who expect to 54076866Skrisget the best result from OpenSSL. A bit more complicated solution is the 54176866Skrisfollowing: 54276866Skris 54376866Skris----- snip:start ----- 544160814Ssimon make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ 54576866Skris sed -e 's/ -O[0-9] / -O0 /'`" 54676866Skris rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` 54776866Skris make 54876866Skris----- snip:end ----- 54976866Skris 55076866SkrisThis will only compile sha_dgst.c with -O0, the rest with the optimization 55176866Skrislevel chosen by the configuration process. When the above is done, do the 55276866Skristest and installation and you're set. 55376866Skris 554160814Ssimon3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It 555160814Ssimonshould not be used and is not used in SSL/TLS nor any other recognized 556160814Ssimonprotocol in either case. 55776866Skris 558160814Ssimon 55976866Skris* Why does the OpenSSL compilation fail with "ar: command not found"? 56076866Skris 56176866SkrisGetting this message is quite usual on Solaris 2, because Sun has hidden 56276866Skrisaway 'ar' and other development commands in directories that aren't in 56376866Skris$PATH by default. One of those directories is '/usr/ccs/bin'. The 56476866Skrisquickest way to fix this is to do the following (it assumes you use sh 56576866Skrisor any sh-compatible shell): 56676866Skris 56776866Skris----- snip:start ----- 56876866Skris PATH=${PATH}:/usr/ccs/bin; export PATH 56976866Skris----- snip:end ----- 57076866Skris 57176866Skrisand then redo the compilation. What you should really do is make sure 57276866Skris'/usr/ccs/bin' is permanently in your $PATH, for example through your 57376866Skris'.profile' (again, assuming you use a sh-compatible shell). 57476866Skris 57576866Skris 57676866Skris* Why does the OpenSSL compilation fail on Win32 with VC++? 57776866Skris 57876866SkrisSometimes, you may get reports from VC++ command line (cl) that it 57976866Skriscan't find standard include files like stdio.h and other weirdnesses. 58076866SkrisOne possible cause is that the environment isn't correctly set up. 581111147SnectarTo solve that problem for VC++ versions up to 6, one should run 582111147SnectarVCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ 583111147Snectarinstallation directory (somewhere under 'Program Files'). For VC++ 584111147Snectarversion 7 (and up?), which is also called VS.NET, the file is called 585111147SnectarVSVARS32.BAT instead. 586111147SnectarThis needs to be done prior to running NMAKE, and the changes are only 587111147Snectarvalid for the current DOS session. 58876866Skris 58976866Skris 590100936Snectar* What is special about OpenSSL on Redhat? 591100936Snectar 592100936SnectarRed Hat Linux (release 7.0 and later) include a preinstalled limited 593100936Snectarversion of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 594100936Snectaris disabled in this version. The same may apply to other Linux distributions. 595100936SnectarUsers may therefore wish to install more or all of the features left out. 596100936Snectar 597100936SnectarTo do this you MUST ensure that you do not overwrite the openssl that is in 598100936Snectar/usr/bin on your Red Hat machine. Several packages depend on this file, 599100936Snectarincluding sendmail and ssh. /usr/local/bin is a good alternative choice. The 600100936Snectarlibraries that come with Red Hat 7.0 onwards have different names and so are 601100936Snectarnot affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and 602100936Snectar/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and 603100936Snectar/lib/libcrypto.so.2 respectively). 604100936Snectar 605100936SnectarPlease note that we have been advised by Red Hat attempting to recompile the 606100936Snectaropenssl rpm with all the cryptography enabled will not work. All other 607100936Snectarpackages depend on the original Red Hat supplied openssl package. It is also 608100936Snectarworth noting that due to the way Red Hat supplies its packages, updates to 609100936Snectaropenssl on each distribution never change the package version, only the 610100936Snectarbuild number. For example, on Red Hat 7.1, the latest openssl package has 611100936Snectarversion number 0.9.6 and build number 9 even though it contains all the 612100936Snectarrelevant updates in packages up to and including 0.9.6b. 613100936Snectar 614100936SnectarA possible way around this is to persuade Red Hat to produce a non-US 615100936Snectarversion of Red Hat Linux. 616100936Snectar 617100936SnectarFYI: Patent numbers and expiry dates of US patents: 618100936SnectarMDC-2: 4,908,861 13/03/2007 619100936SnectarIDEA: 5,214,703 25/05/2010 620100936SnectarRC5: 5,724,428 03/03/2015 621100936Snectar 622100936Snectar 623109998Smarkm* Why does the OpenSSL compilation fail on MacOS X? 624109998Smarkm 625109998SmarkmIf the failure happens when trying to build the "openssl" binary, with 626109998Smarkma large number of undefined symbols, it's very probable that you have 627109998SmarkmOpenSSL 0.9.6b delivered with the operating system (you can find out by 628109998Smarkmrunning '/usr/bin/openssl version') and that you were trying to build 629109998SmarkmOpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in 630109998SmarkmMacOS X has a misfeature that's quite difficult to go around. 631109998SmarkmLook in the file PROBLEMS for a more detailed explanation and for possible 632109998Smarkmsolutions. 633109998Smarkm 634109998Smarkm 635100936Snectar* Why does the OpenSSL test suite fail on MacOS X? 636100936Snectar 637100936SnectarIf the failure happens when running 'make test' and the RC4 test fails, 638100936Snectarit's very probable that you have OpenSSL 0.9.6b delivered with the 639100936Snectaroperating system (you can find out by running '/usr/bin/openssl version') 640100936Snectarand that you were trying to build OpenSSL 0.9.6d. The problem is that 641100936Snectarthe loader ('ld') in MacOS X has a misfeature that's quite difficult to 642100936Snectargo around and has linked the programs "openssl" and the test programs 643100936Snectarwith /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the 644100936Snectarlibraries you just built. 645100936SnectarLook in the file PROBLEMS for a more detailed explanation and for possible 646100936Snectarsolutions. 647100936Snectar 648109998Smarkm* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? 649109998Smarkm 650109998SmarkmFailure in BN_sqr test is most likely caused by a failure to configure the 651109998Smarkmtoolkit for current platform or lack of support for the platform in question. 652109998SmarkmRun './config -t' and './apps/openssl version -p'. Do these platform 653109998Smarkmidentifiers match? If they don't, then you most likely failed to run 654109998Smarkm./config and you're hereby advised to do so before filing a bug report. 655109998SmarkmIf ./config itself fails to run, then it's most likely problem with your 656109998Smarkmlocal environment and you should turn to your system administrator (or 657109998Smarkmsimilar). If identifiers match (and/or no alternative identifier is 658109998Smarkmsuggested by ./config script), then the platform is unsupported. There might 659109998Smarkmor might not be a workaround. Most notably on SPARC64 platforms with GNU 660109998SmarkmC compiler you should be able to produce a working build by running 661109998Smarkm'./config -m32'. I understand that -m32 might not be what you want/need, 662109998Smarkmbut the build should be operational. For further details turn to 663109998Smarkm<openssl-dev@openssl.org>. 664109998Smarkm 665109998Smarkm* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? 666109998Smarkm 667109998SmarkmAs of 0.9.7 assembler routines were overhauled for position independence 668109998Smarkmof the machine code, which is essential for shared library support. For 669109998Smarkmsome reason OpenBSD is equipped with an out-of-date GNU assembler which 670109998Smarkmfinds the new code offensive. To work around the problem, configure with 671111147Snectarno-asm (and sacrifice a great deal of performance) or patch your assembler 672111147Snectaraccording to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. 673109998SmarkmFor your convenience a pre-compiled replacement binary is provided at 674111147Snectar<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. 675111147SnectarReportedly elder *BSD a.out platforms also suffer from this problem and 676111147Snectarremedy should be same. Provided binary is statically linked and should be 677111147Snectarworking across wider range of *BSD branches, not just OpenBSD. 678109998Smarkm 679160814Ssimon* Why does the OpenSSL test suite fail in sha512t on x86 CPU? 680160814Ssimon 681160814SsimonIf the test program in question fails withs SIGILL, Illegal Instruction 682160814Ssimonexception, then you more than likely to run SSE2-capable CPU, such as 683160814SsimonIntel P4, under control of kernel which does not support SSE2 684160814Ssimoninstruction extentions. See accompanying INSTALL file and 685160814SsimonOPENSSL_ia32cap(3) documentation page for further information. 686160814Ssimon 687160814Ssimon* Why does compiler fail to compile sha512.c? 688160814Ssimon 689160814SsimonOpenSSL SHA-512 implementation depends on compiler support for 64-bit 690160814Ssimoninteger type. Few elder compilers [ULTRIX cc, SCO compiler to mention a 691160814Ssimoncouple] lack support for this and therefore are incapable of compiling 692160814Ssimonthe module in question. The recommendation is to disable SHA-512 by 693160814Ssimonadding no-sha512 to ./config [or ./Configure] command line. Another 694160814Ssimonpossible alternative might be to switch to GCC. 695160814Ssimon 696160814Ssimon* Test suite still fails, what to do? 697160814Ssimon 698160814SsimonAnother common reason for failure to complete some particular test is 699160814Ssimonsimply bad code generated by a buggy component in toolchain or deficiency 700160814Ssimonin run-time environment. There are few cases documented in PROBLEMS file, 701160814Ssimonconsult it for possible workaround before you beat the drum. Even if you 702160814Ssimondon't find solution or even mention there, do reserve for possibility of 703160814Ssimona compiler bug. Compiler bugs might appear in rather bizarre ways, they 704160814Ssimonnever make sense, and tend to emerge when you least expect them. In order 705160814Ssimonto identify one, drop optimization level, e.g. by editing CFLAG line in 706160814Ssimontop-level Makefile, recompile and re-run the test. 707160814Ssimon 70876866Skris[PROG] ======================================================================== 70976866Skris 71076866Skris* Is OpenSSL thread-safe? 71176866Skris 71276866SkrisYes (with limitations: an SSL connection may not concurrently be used 71376866Skrisby multiple threads). On Windows and many Unix systems, OpenSSL 71476866Skrisautomatically uses the multi-threaded versions of the standard 71576866Skrislibraries. If your platform is not one of these, consult the INSTALL 71676866Skrisfile. 71776866Skris 71876866SkrisMulti-threaded applications must provide two callback functions to 719162911SsimonOpenSSL by calling CRYPTO_set_locking_callback() and 720162911SsimonCRYPTO_set_id_callback(). This is described in the threads(3) 721162911Ssimonmanpage. 72276866Skris 72359191Skris* I've compiled a program under Windows and it crashes: why? 72459191Skris 72589837SkrisThis is usually because you've missed the comment in INSTALL.W32. 72689837SkrisYour application must link against the same version of the Win32 72789837SkrisC-Runtime against which your openssl libraries were linked. The 72889837Skrisdefault version for OpenSSL is /MD - "Multithreaded DLL". 72959191Skris 73089837SkrisIf you are using Microsoft Visual C++'s IDE (Visual Studio), in 73189837Skrismany cases, your new project most likely defaulted to "Debug 73289837SkrisSinglethreaded" - /ML. This is NOT interchangeable with /MD and your 73389837Skrisprogram will crash, typically on the first BIO related read or write 73489837Skrisoperation. 73559191Skris 73689837SkrisFor each of the six possible link stage configurations within Win32, 73789837Skrisyour application must link against the same by which OpenSSL was 73889837Skrisbuilt. If you are using MS Visual C++ (Studio) this can be changed 73989837Skrisby: 74089837Skris 741160814Ssimon 1. Select Settings... from the Project Menu. 742160814Ssimon 2. Select the C/C++ Tab. 743160814Ssimon 3. Select "Code Generation from the "Category" drop down list box 744160814Ssimon 4. Select the Appropriate library (see table below) from the "Use 74589837Skris run-time library" drop down list box. Perform this step for both 74689837Skris your debug and release versions of your application (look at the 74789837Skris top left of the settings panel to change between the two) 74889837Skris 74989837Skris Single Threaded /ML - MS VC++ often defaults to 75089837Skris this for the release 75189837Skris version of a new project. 75289837Skris Debug Single Threaded /MLd - MS VC++ often defaults to 75389837Skris this for the debug version 75489837Skris of a new project. 75589837Skris Multithreaded /MT 75689837Skris Debug Multithreaded /MTd 75789837Skris Multithreaded DLL /MD - OpenSSL defaults to this. 75889837Skris Debug Multithreaded DLL /MDd 75989837Skris 76089837SkrisNote that debug and release libraries are NOT interchangeable. If you 76189837Skrisbuilt OpenSSL with /MD your application must use /MD and cannot use /MDd. 76289837Skris 763160814SsimonAs per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL 764160814Ssimon.DLLs compiled with some specific run-time option [we insist on the 765160814Ssimondefault /MD] can be deployed with application compiled with different 766160814Ssimonoption or even different compiler. But there is a catch! Instead of 767160814Ssimonre-compiling OpenSSL toolkit, as you would have to with prior versions, 768160814Ssimonyou have to compile small C snippet with compiler and/or options of 769160814Ssimonyour choice. The snippet gets installed as 770160814Ssimon<install-root>/include/openssl/applink.c and should be either added to 771160814Ssimonyour application project or simply #include-d in one [and only one] 772160814Ssimonof your application source files. Failure to link this shim module 773160814Ssimoninto your application manifests itself as fatal "no OPENSSL_Applink" 774160814Ssimonrun-time error. An explicit reminder is due that in this situation 775160814Ssimon[mixing compiler options] it is as important to add CRYPTO_malloc_init 776160814Ssimonprior first call to OpenSSL. 77789837Skris 77868651Skris* How do I read or write a DER encoded buffer using the ASN1 functions? 77968651Skris 78068651SkrisYou have two options. You can either use a memory BIO in conjunction 781160814Ssimonwith the i2d_*_bio() or d2i_*_bio() functions or you can use the 782160814Ssimoni2d_*(), d2i_*() functions directly. Since these are often the 78368651Skriscause of grief here are some code fragments using PKCS7 as an example: 78468651Skris 785160814Ssimon unsigned char *buf, *p; 786160814Ssimon int len; 78768651Skris 788160814Ssimon len = i2d_PKCS7(p7, NULL); 789160814Ssimon buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ 790160814Ssimon p = buf; 791160814Ssimon i2d_PKCS7(p7, &p); 79268651Skris 79368651SkrisAt this point buf contains the len bytes of the DER encoding of 79468651Skrisp7. 79568651Skris 79668651SkrisThe opposite assumes we already have len bytes in buf: 79768651Skris 798160814Ssimon unsigned char *p; 799160814Ssimon p = buf; 800160814Ssimon p7 = d2i_PKCS7(NULL, &p, len); 80168651Skris 80268651SkrisAt this point p7 contains a valid PKCS7 structure of NULL if an error 80368651Skrisoccurred. If an error occurred ERR_print_errors(bio) should give more 80468651Skrisinformation. 80568651Skris 80668651SkrisThe reason for the temporary variable 'p' is that the ASN1 functions 80768651Skrisincrement the passed pointer so it is ready to read or write the next 80868651Skrisstructure. This is often a cause of problems: without the temporary 80968651Skrisvariable the buffer pointer is changed to point just after the data 81068651Skristhat has been read or written. This may well be uninitialized data 81168651Skrisand attempts to free the buffer will have unpredictable results 81268651Skrisbecause it no longer points to the same address. 81368651Skris 81468651Skris 815142425Snectar* OpenSSL uses DER but I need BER format: does OpenSSL support BER? 816142425Snectar 817142425SnectarThe short answer is yes, because DER is a special case of BER and OpenSSL 818142425SnectarASN1 decoders can process BER. 819142425Snectar 820142425SnectarThe longer answer is that ASN1 structures can be encoded in a number of 821142425Snectardifferent ways. One set of ways is the Basic Encoding Rules (BER) with various 822142425Snectarpermissible encodings. A restriction of BER is the Distinguished Encoding 823142425SnectarRules (DER): these uniquely specify how a given structure is encoded. 824142425Snectar 825142425SnectarTherefore, because DER is a special case of BER, DER is an acceptable encoding 826142425Snectarfor BER. 827142425Snectar 828142425Snectar 82968651Skris* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? 83068651Skris 83168651SkrisThis usually happens when you try compiling something using the PKCS#12 83268651Skrismacros with a C++ compiler. There is hardly ever any need to use the 83368651SkrisPKCS#12 macros in a program, it is much easier to parse and create 83468651SkrisPKCS#12 files using the PKCS12_parse() and PKCS12_create() functions 83568651Skrisdocumented in doc/openssl.txt and with examples in demos/pkcs12. The 83668651Skris'pkcs12' application has to use the macros because it prints out 83768651Skrisdebugging information. 83868651Skris 83968651Skris 84059191Skris* I've called <some function> and it fails, why? 84159191Skris 84268651SkrisBefore submitting a report or asking in one of the mailing lists, you 84368651Skrisshould try to determine the cause. In particular, you should call 84459191SkrisERR_print_errors() or ERR_print_errors_fp() after the failed call 84568651Skrisand see if the message helps. Note that the problem may occur earlier 84668651Skristhan you think -- you should check for errors after every call where 84768651Skrisit is possible, otherwise the actual problem may be hidden because 84868651Skrissome OpenSSL functions clear the error state. 84959191Skris 85059191Skris 85159191Skris* I just get a load of numbers for the error output, what do they mean? 85259191Skris 85359191SkrisThe actual format is described in the ERR_print_errors() manual page. 85459191SkrisYou should call the function ERR_load_crypto_strings() before hand and 85559191Skristhe message will be output in text form. If you can't do this (for example 85659191Skrisit is a pre-compiled binary) you can use the errstr utility on the error 85759191Skriscode itself (the hex digits after the second colon). 85859191Skris 85959191Skris 86059191Skris* Why do I get errors about unknown algorithms? 86159191Skris 862194206SsimonThe cause is forgetting to load OpenSSL's table of algorithms with 863194206SsimonOpenSSL_add_all_algorithms(). See the manual page for more information. This 864194206Ssimoncan cause several problems such as being unable to read in an encrypted 865194206SsimonPEM file, unable to decrypt a PKCS#12 file or signature failure when 866194206Ssimonverifying certificates. 86759191Skris 86859191Skris* Why can't the OpenSSH configure script detect OpenSSL? 86959191Skris 87089837SkrisSeveral reasons for problems with the automatic detection exist. 87189837SkrisOpenSSH requires at least version 0.9.5a of the OpenSSL libraries. 87289837SkrisSometimes the distribution has installed an older version in the system 87389837Skrislocations that is detected instead of a new one installed. The OpenSSL 87489837Skrislibrary might have been compiled for another CPU or another mode (32/64 bits). 87589837SkrisPermissions might be wrong. 87659191Skris 87789837SkrisThe general answer is to check the config.log file generated when running 87889837Skristhe OpenSSH configure script. It should contain the detailed information 87989837Skrison why the OpenSSL library was not detected or considered incompatible. 88068651Skris 881120631Snectar 88276866Skris* Can I use OpenSSL's SSL library with non-blocking I/O? 88368651Skris 88476866SkrisYes; make sure to read the SSL_get_error(3) manual page! 88568651Skris 88676866SkrisA pitfall to avoid: Don't assume that SSL_read() will just read from 88776866Skristhe underlying transport or that SSL_write() will just write to it -- 88876866Skrisit is also possible that SSL_write() cannot do any useful work until 88976866Skristhere is data to read, or that SSL_read() cannot do anything until it 89076866Skrisis possible to send data. One reason for this is that the peer may 89176866Skrisrequest a new TLS/SSL handshake at any time during the protocol, 89276866Skrisrequiring a bi-directional message exchange; both SSL_read() and 89376866SkrisSSL_write() will try to continue any pending handshake. 89468651Skris 89568651Skris 89679998Skris* Why doesn't my server application receive a client certificate? 89779998Skris 89879998SkrisDue to the TLS protocol definition, a client will only send a certificate, 89989837Skrisif explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the 90079998SkrisSSL_CTX_set_verify() function to enable the use of client certificates. 90179998Skris 90279998Skris 903109998Smarkm* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? 904109998Smarkm 905109998SmarkmFor OpenSSL 0.9.7 the OID table was extended and corrected. In earlier 906109998Smarkmversions, uniqueIdentifier was incorrectly used for X.509 certificates. 907109998SmarkmThe correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. 908109998SmarkmChange your code to use the new name when compiling against OpenSSL 0.9.7. 909109998Smarkm 910109998Smarkm 911142425Snectar* I think I've detected a memory leak, is this a bug? 912142425Snectar 913142425SnectarIn most cases the cause of an apparent memory leak is an OpenSSL internal table 914142425Snectarthat is allocated when an application starts up. Since such tables do not grow 915142425Snectarin size over time they are harmless. 916142425Snectar 917142425SnectarThese internal tables can be freed up when an application closes using various 918160814Ssimonfunctions. Currently these include following: 919142425Snectar 920160814SsimonThread-local cleanup functions: 921142425Snectar 922160814Ssimon ERR_remove_state() 923160814Ssimon 924160814SsimonApplication-global cleanup functions that are aware of usage (and therefore 925160814Ssimonthread-safe): 926160814Ssimon 927160814Ssimon ENGINE_cleanup() and CONF_modules_unload() 928160814Ssimon 929160814Ssimon"Brutal" (thread-unsafe) Application-global cleanup functions: 930160814Ssimon 931160814Ssimon ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). 932160814Ssimon 933160814Ssimon 934194206Ssimon* Why does Valgrind complain about the use of uninitialized data? 935194206Ssimon 936194206SsimonWhen OpenSSL's PRNG routines are called to generate random numbers the supplied 937194206Ssimonbuffer contents are mixed into the entropy pool: so it technically does not 938194206Ssimonmatter whether the buffer is initialized at this point or not. Valgrind (and 939194206Ssimonother test tools) will complain about this. When using Valgrind, make sure the 940194206SsimonOpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) 941194206Ssimonto get rid of these warnings. 942194206Ssimon 943194206Ssimon 944194206Ssimon* Why doesn't a memory BIO work when a file does? 945194206Ssimon 946194206SsimonThis can occur in several cases for example reading an S/MIME email message. 947194206SsimonThe reason is that a memory BIO can do one of two things when all the data 948194206Ssimonhas been read from it. 949194206Ssimon 950194206SsimonThe default behaviour is to indicate that no more data is available and that 951194206Ssimonthe call should be retried, this is to allow the application to fill up the BIO 952194206Ssimonagain if necessary. 953194206Ssimon 954194206SsimonAlternatively it can indicate that no more data is available and that EOF has 955194206Ssimonbeen reached. 956194206Ssimon 957194206SsimonIf a memory BIO is to behave in the same way as a file this second behaviour 958194206Ssimonis needed. This must be done by calling: 959194206Ssimon 960194206Ssimon BIO_set_mem_eof_return(bio, 0); 961194206Ssimon 962194206SsimonSee the manual pages for more details. 963194206Ssimon 964194206Ssimon 96576866Skris=============================================================================== 966