OpenBSD complains.

[openssl.git] / FAQ

diff --git a/FAQ b/FAQ
index f571faa05e3c4367e76890f116b5266f09fd7c6f..78018fc8fed88b546ed313b7115a52a8e1f4095c 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -79,9 +79,11 @@ the popular web browsers without RSA support.
 
 * Is OpenSSL thread-safe?
 
 
 * Is OpenSSL thread-safe?
 

-Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
-multi-threaded versions of the standard libraries.  If your platform
-is not one of these, consult the INSTALL file.
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.

 
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
 
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.


@@ -103,6 +105,15 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
 perform potentially insecure encryption.
 
 correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
 perform potentially insecure encryption.
 

+Most components of the openssl command line tool try to use the
+file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+for seeding the PRNG.  If this file does not exist or is too short,
+the "PRNG not seeded" error message may occur.
+Note that the command "openssl rsa" in OpenSSL 0.9.5 does not do this
+and will fail on systems without /dev/urandom when trying to
+password-encrypt an RSA key!  This is a bug in the library;
+try a later snaphost instead.
+

 
 * Why does the linker complain about undefined symbols?
 
 
 * Why does the linker complain about undefined symbols?