X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=FAQ;h=0b9d60c32abd37be6117650a0ec08940303adda5;hp=1f77e478432e999558ea6c18a7607ac2c1fa0e06;hb=87adf1fa96ab4bba2787e1d44d1bd0f578580bf8;hpb=c25a0aae6bea532d41aeccca13a3c3bf4c751eb2 diff --git a/FAQ b/FAQ index 1f77e47843..0b9d60c32a 100644 --- a/FAQ +++ b/FAQ @@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions * Why aren't tools like 'autoconf' and 'libtool' used? * What is an 'engine' version? * How do I check the authenticity of the OpenSSL distribution? +* How does the versioning scheme work? [LEGAL] Legal questions @@ -82,7 +83,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 1.0.0 was released on Mar 29th, 2010. +OpenSSL 1.0.1c was released on May 10, 2012. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at . Note that the online documents refer to the very latest development versions of OpenSSL and may include features not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. +that came with the version of OpenSSL you are using. The pod format +documentation is included in each OpenSSL distribution under the docs +directory. For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's @@ -134,7 +137,7 @@ OpenSSL. Information on the OpenSSL mailing lists is available from * Where can I get a compiled version of OpenSSL? You can finder pointers to binary distributions in -http://www.openssl.org/related/binaries.html . + . Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL @@ -173,6 +176,19 @@ just do: pgp TARBALL.asc +* How does the versioning scheme work? + +After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter +releases (e.g. 1.0.1a) can only contain bug and security fixes and no +new features. Minor releases change the last number (e.g. 1.0.2) and +can contain new features that retain binary compatibility. Changes to +the middle number are considered major releases and neither source nor +binary compatibility is guaranteed. + +Therefore the answer to the common question "when will feature X be +backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear +in the next minor release. + [LEGAL] ======================================================================= * Do I need patent licenses to use OpenSSL? @@ -284,7 +300,7 @@ current directory in this case, but this has changed with 0.9.6a.) Check out the CA.pl(1) manual page. This provides a simple wrapper round the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check out the manual pages for the individual utilities and the certificate -extensions documentation (currently in doc/openssl.txt). +extensions documentation (in ca(1), req(1), x509v3_config(5) ) * Why can't I create certificate requests? @@ -466,7 +482,7 @@ administrators. Other projects do have other policies so you can for example extract the CA bundle used by Mozilla and/or modssl as described in this article: - http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html + [BUILD] ======================================================================= @@ -508,7 +524,7 @@ when you run the test suite (using "make test"). The message returned is "bc: 1 not implemented". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see for download instructions) can be safely used, for example. @@ -519,7 +535,7 @@ that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see for download instructions) can be safely used, for example. @@ -720,16 +736,17 @@ documentation and the mailing lists for similar queries. If you are still unsure whether it is a bug or not submit a query to the openssl-users mailing list. + * I'm SURE I've found a bug, how do I report it? Bug reports with no security implications should be sent to the request -tracker. This can be done my mailing the report to rt@openssl.org (or its alias -openssl-bugs@openssl.org), please note that messages sent to the request -tracker also appear in the public openssl-dev mailing list. +tracker. This can be done by mailing the report to (or its +alias ), please note that messages sent to the +request tracker also appear in the public openssl-dev mailing list. The report should be in plain text. Any patches should be sent as plain text attachments because some mailers corrupt patches sent inline. -If your issue affects multiple versions of OpenSSL check any patch apply +If your issue affects multiple versions of OpenSSL check any patches apply cleanly and, if possible include patches to each affected version. The report should be given a meaningful subject line briefly summarising the @@ -738,37 +755,18 @@ issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. By sending reports to the request tracker the bug can then be given a priority and assigned to the appropriate maintainer. The history of discussions can be accessed and if the issue has been addressed or a reason why not. If patches -are sent to openssl-dev instead only they can be lost if a team member has to +are only sent to openssl-dev they can be mislaid if a team member has to wade through months of old messages to review the discussion. -See also http://www.openssl.org/support/rt.html +See also + * I've found a security issue, how do I report it? If you think your bug has security implications then please send it to openssl-security@openssl.org if you don't get a prompt reply at least acknowledging receipt then resend or mail it directly to one of the -more active team members (e.g. steve@openssl.org). - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using and I get errors why? -* I've called and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - +more active team members (e.g. Steve). [PROG] ======================================================================== @@ -783,7 +781,7 @@ file. Multi-threaded applications must provide two callback functions to OpenSSL by calling CRYPTO_set_locking_callback() and CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() +including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() and associated APIs are deprecated by CRYPTO_THREADID_set_callback() and friends. This is described in the threads(3) manpage.