diff options
Diffstat (limited to 'crypto/openssl/FAQ')
| -rw-r--r-- | crypto/openssl/FAQ | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ index 0b40039ef81e..1c232c3c54b8 100644 --- a/crypto/openssl/FAQ +++ b/crypto/openssl/FAQ @@ -52,6 +52,7 @@ OpenSSL - Frequently Asked Questions * Is OpenSSL thread-safe? * I've compiled a program under Windows and it crashes: why? * How do I read or write a DER encoded buffer using the ASN1 functions? +* OpenSSL uses DER but I need BER format: does OpenSSL support BER? * I've tried using <M_some_evil_pkcs12_macro> and I get errors why? * I've called <some function> and it fails, why? * I just get a load of numbers for the error output, what do they mean? @@ -60,6 +61,7 @@ OpenSSL - Frequently Asked Questions * Can I use OpenSSL's SSL library with non-blocking I/O? * Why doesn't my server application receive a client certificate? * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? +* I think I've detected a memory leak, is this a bug? =============================================================================== @@ -68,7 +70,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.7d was released on March 17, 2004. +OpenSSL 0.9.7e was released on October 25, 2004. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -460,7 +462,7 @@ get the best result from OpenSSL. A bit more complicated solution is the following: ----- snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ + make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \ sed -e 's/ -O[0-9] / -O0 /'`" rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` make @@ -683,6 +685,20 @@ and attempts to free the buffer will have unpredictable results because it no longer points to the same address. +* OpenSSL uses DER but I need BER format: does OpenSSL support BER? + +The short answer is yes, because DER is a special case of BER and OpenSSL +ASN1 decoders can process BER. + +The longer answer is that ASN1 structures can be encoded in a number of +different ways. One set of ways is the Basic Encoding Rules (BER) with various +permissible encodings. A restriction of BER is the Distinguished Encoding +Rules (DER): these uniquely specify how a given structure is encoded. + +Therefore, because DER is a special case of BER, DER is an acceptable encoding +for BER. + + * I've tried using <M_some_evil_pkcs12_macro> and I get errors why? This usually happens when you try compiling something using the PKCS#12 @@ -765,5 +781,17 @@ The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. Change your code to use the new name when compiling against OpenSSL 0.9.7. +* I think I've detected a memory leak, is this a bug? + +In most cases the cause of an apparent memory leak is an OpenSSL internal table +that is allocated when an application starts up. Since such tables do not grow +in size over time they are harmless. + +These internal tables can be freed up when an application closes using various +functions. Currently these include: EVP_cleanup(), ERR_remove_state(), +ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and +CRYPTO_cleanup_all_ex_data(). + + =============================================================================== |