X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=FAQ;h=df681c8168d61ee20a7d550da06d09f4d5d0acb6;hp=b464ca1f3cca9414866d1bf22d85e2fe960df955;hb=0c75eeacd3285b395dc75b65c3e6fe6ffbef59f0;hpb=85171f83b88d519c10b19b2d76142af6b07753c0 diff --git a/FAQ b/FAQ index b464ca1f3c..df681c8168 100644 --- a/FAQ +++ b/FAQ @@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions * Why aren't tools like 'autoconf' and 'libtool' used? * What is an 'engine' version? * How do I check the authenticity of the OpenSSL distribution? +* How does the versioning scheme work? [LEGAL] Legal questions @@ -82,11 +83,11 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 1.0.0b was released on Nov 16th, 2010. +OpenSSL 1.0.1e was released on Feb 11, 2013. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at , or get it by anonymous CVS access. +ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. * Where is the documentation? @@ -108,7 +109,9 @@ In addition, you can read the most current versions at . Note that the online documents refer to the very latest development versions of OpenSSL and may include features not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. +that came with the version of OpenSSL you are using. The pod format +documentation is included in each OpenSSL distribution under the docs +directory. For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's @@ -173,6 +176,25 @@ just do: pgp TARBALL.asc +* How does the versioning scheme work? + +After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter +releases (e.g. 1.0.1a) can only contain bug and security fixes and no +new features. Minor releases change the last number (e.g. 1.0.2) and +can contain new features that retain binary compatibility. Changes to +the middle number are considered major releases and neither source nor +binary compatibility is guaranteed. + +Therefore the answer to the common question "when will feature X be +backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear +in the next minor release. + +* What happens when the letter release reaches z? + +It was decided after the release of OpenSSL 0.9.8y the next version should +be 0.9.8za then 0.9.8zb and so on. + + [LEGAL] ======================================================================= * Do I need patent licenses to use OpenSSL? @@ -284,7 +306,7 @@ current directory in this case, but this has changed with 0.9.6a.) Check out the CA.pl(1) manual page. This provides a simple wrapper round the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check out the manual pages for the individual utilities and the certificate -extensions documentation (currently in doc/openssl.txt). +extensions documentation (in ca(1), req(1), x509v3_config(5) ) * Why can't I create certificate requests? @@ -848,7 +870,7 @@ The opposite assumes we already have len bytes in buf: p = buf; p7 = d2i_PKCS7(NULL, &p, len); -At this point p7 contains a valid PKCS7 structure of NULL if an error +At this point p7 contains a valid PKCS7 structure or NULL if an error occurred. If an error occurred ERR_print_errors(bio) should give more information. @@ -860,6 +882,21 @@ that has been read or written. This may well be uninitialized data and attempts to free the buffer will have unpredictable results because it no longer points to the same address. +Memory allocation and encoding can also be combined in a single +operation by the ASN1 routines: + + unsigned char *buf = NULL; /* mandatory */ + int len; + len = i2d_PKCS7(p7, &buf); + if (len < 0) + /* Error */ + /* Do some things with 'buf' */ + /* Finished with buf: free it */ + OPENSSL_free(buf); + +In this special case the "buf" parameter is *not* incremented, it points +to the start of the encoding. + * OpenSSL uses DER but I need BER format: does OpenSSL support BER?