OpenBSD complains.

[openssl.git] / FAQ

diff --git a/FAQ b/FAQ
index f571faa05e3c4367e76890f116b5266f09fd7c6f..78018fc8fed88b546ed313b7115a52a8e1f4095c 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -79,9 +79,11 @@ the popular web browsers without RSA support.
 
 * Is OpenSSL thread-safe?
 
-Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
-multi-threaded versions of the standard libraries.  If your platform
-is not one of these, consult the INSTALL file.
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.
 
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
@@ -103,6 +105,15 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
 perform potentially insecure encryption.
 
+Most components of the openssl command line tool try to use the
+file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+for seeding the PRNG.  If this file does not exist or is too short,
+the "PRNG not seeded" error message may occur.
+Note that the command "openssl rsa" in OpenSSL 0.9.5 does not do this
+and will fail on systems without /dev/urandom when trying to
+password-encrypt an RSA key!  This is a bug in the library;
+try a later snaphost instead.
+
 
 * Why does the linker complain about undefined symbols?