X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=FAQ;h=4702d6ac9b00950e7eb8a4ed96b633efc926dfe7;hp=a45c545bf6d731d41f70f88fe60e0527e438698a;hb=de10f6900d71a9db99d41ded7227700ac1580bdb;hpb=1a7b2d33f4f54f31b5947ccd83dd0326016452df diff --git a/FAQ b/FAQ index a45c545bf6..4702d6ac9b 100644 --- a/FAQ +++ b/FAQ @@ -25,6 +25,7 @@ OpenSSL - Frequently Asked Questions * Why can't I make an SSL connection using a DSA certificate? * How can I remove the passphrase on a private key? * Why can't I use OpenSSL certificates with SSL client authentication? +* Why does my browser give a warning about a mismatched hostname? [BUILD] Questions about building and testing OpenSSL @@ -115,17 +116,8 @@ A number of Linux and *BSD distributions include OpenSSL. * Why aren't tools like 'autoconf' and 'libtool' used? -autoconf is a nice tool, but is unfortunately very Unix-centric. -Although one can come up with solution to have ports keep in track, -there's also some work needed for that, and can be quite painful at -times. If there was a 'autoconf'-like tool that generated perl -scripts or something similarly general, it would probably be used -in OpenSSL much earlier. - -libtool has repeatadly been reported by some members of the OpenSSL -development and others to be a pain to use. So far, those in the -development team who have said anything about this have expressed -a wish to avoid libtool for that reason. +autoconf will probably be used in future OpenSSL versions. If it was +less Unix-centric, it might have been used much earlier. [LEGAL] ======================================================================= @@ -277,7 +269,7 @@ print out the servers list of acceptable CAs using the OpenSSL s_client tool: openssl s_client -connect www.some.host:443 -prexit -if your server only requests certificates on certain URLs then you may need +If your server only requests certificates on certain URLs then you may need to manually issue an HTTP GET command to get the list when s_client connects: GET /some/page/needing/a/certificate.html @@ -325,12 +317,13 @@ tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. * Why does the OpenSSL test fail with "bc: 1 no implemented"? -On some SCO installations or versions, bc has a bug that gets triggered when -you run the test suite (using "make test"). The message returned is "bc: -1 not implemented". The best way to deal with this is to find another -implementation of bc and compile/install it. For example, GNU bc (see -http://www.gnu.org/software/software.html for download instructions) can -be safely used. +On some SCO installations or versions, bc has a bug that gets triggered +when you run the test suite (using "make test"). The message returned is +"bc: 1 not implemented". + +The best way to deal with this is to find another implementation of bc +and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +for download instructions) can be safely used, for example. * Why does the OpenSSL compilation fail on Alpha True64 Unix?