You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1025 lines
45 KiB
1025 lines
45 KiB
OpenSSL - Frequently Asked Questions
|
|
--------------------------------------
|
|
|
|
[MISC] Miscellaneous questions
|
|
|
|
* Which is the current version of OpenSSL?
|
|
* Where is the documentation?
|
|
* How can I contact the OpenSSL developers?
|
|
* Where can I get a compiled version of OpenSSL?
|
|
* Why aren't tools like 'autoconf' and 'libtool' used?
|
|
* What is an 'engine' version?
|
|
* How do I check the authenticity of the OpenSSL distribution?
|
|
|
|
[LEGAL] Legal questions
|
|
|
|
* Do I need patent licenses to use OpenSSL?
|
|
* Can I use OpenSSL with GPL software?
|
|
|
|
[USER] Questions on using the OpenSSL applications
|
|
|
|
* Why do I get a "PRNG not seeded" error message?
|
|
* Why do I get an "unable to write 'random state'" error message?
|
|
* How do I create certificates or certificate requests?
|
|
* Why can't I create certificate requests?
|
|
* Why does <SSL program> fail with a certificate verify error?
|
|
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
|
|
* How can I create DSA certificates?
|
|
* Why can't I make an SSL connection using a DSA certificate?
|
|
* How can I remove the passphrase on a private key?
|
|
* Why can't I use OpenSSL certificates with SSL client authentication?
|
|
* Why does my browser give a warning about a mismatched hostname?
|
|
* How do I install a CA certificate into a browser?
|
|
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
|
* What is a "128 bit certificate"? Can I create one with OpenSSL?
|
|
* Why does OpenSSL set the authority key identifier extension incorrectly?
|
|
* How can I set up a bundle of commercial root CA certificates?
|
|
|
|
[BUILD] Questions about building and testing OpenSSL
|
|
|
|
* Why does the linker complain about undefined symbols?
|
|
* Why does the OpenSSL test fail with "bc: command not found"?
|
|
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
|
|
* Why does the OpenSSL test fail with "bc: stack empty"?
|
|
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
|
|
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
|
* Why does the OpenSSL compilation fail on Win32 with VC++?
|
|
* What is special about OpenSSL on Redhat?
|
|
* Why does the OpenSSL compilation fail on MacOS X?
|
|
* Why does the OpenSSL test suite fail on MacOS X?
|
|
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
|
|
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
|
* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
|
|
* Why does compiler fail to compile sha512.c?
|
|
* Test suite still fails, what to do?
|
|
* I think I've found a bug, what should I do?
|
|
* I'm SURE I've found a bug, how do I report it?
|
|
* I've found a security issue, how do I report it?
|
|
|
|
[PROG] Questions about programming with OpenSSL
|
|
|
|
* Is OpenSSL thread-safe?
|
|
* I've compiled a program under Windows and it crashes: why?
|
|
* How do I read or write a DER encoded buffer using the ASN1 functions?
|
|
* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
|
|
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
|
|
* I've called <some function> and it fails, why?
|
|
* I just get a load of numbers for the error output, what do they mean?
|
|
* Why do I get errors about unknown algorithms?
|
|
* Why can't the OpenSSH configure script detect OpenSSL?
|
|
* Can I use OpenSSL's SSL library with non-blocking I/O?
|
|
* Why doesn't my server application receive a client certificate?
|
|
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
|
|
* I think I've detected a memory leak, is this a bug?
|
|
* Why does Valgrind complain about the use of uninitialized data?
|
|
* Why doesn't a memory BIO work when a file does?
|
|
* Where are the declarations and implementations of d2i_X509() etc?
|
|
|
|
===============================================================================
|
|
|
|
[MISC] ========================================================================
|
|
|
|
* Which is the current version of OpenSSL?
|
|
|
|
The current version is available from <URL: http://www.openssl.org>.
|
|
OpenSSL 1.0.0d was released on Feb 8th, 2011.
|
|
|
|
In addition to the current stable release, you can also access daily
|
|
snapshots of the OpenSSL development version at <URL:
|
|
ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
|
|
|
|
|
|
* Where is the documentation?
|
|
|
|
OpenSSL is a library that provides cryptographic functionality to
|
|
applications such as secure web servers. Be sure to read the
|
|
documentation of the application you want to use. The INSTALL file
|
|
explains how to install this library.
|
|
|
|
OpenSSL includes a command line utility that can be used to perform a
|
|
variety of cryptographic functions. It is described in the openssl(1)
|
|
manpage. Documentation for developers is currently being written. Many
|
|
manual pages are available; overviews over libcrypto and
|
|
libssl are given in the crypto(3) and ssl(3) manpages.
|
|
|
|
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
|
|
different directory if you specified one as described in INSTALL).
|
|
In addition, you can read the most current versions at
|
|
<URL: http://www.openssl.org/docs/>. Note that the online documents refer
|
|
to the very latest development versions of OpenSSL and may include features
|
|
not present in released versions. If in doubt refer to the documentation
|
|
that came with the version of OpenSSL you are using.
|
|
|
|
For information on parts of libcrypto that are not yet documented, you
|
|
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
|
|
predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
|
|
of this still applies to OpenSSL.
|
|
|
|
There is some documentation about certificate extensions and PKCS#12
|
|
in doc/openssl.txt
|
|
|
|
The original SSLeay documentation is included in OpenSSL as
|
|
doc/ssleay.txt. It may be useful when none of the other resources
|
|
help, but please note that it reflects the obsolete version SSLeay
|
|
0.6.6.
|
|
|
|
|
|
* How can I contact the OpenSSL developers?
|
|
|
|
The README file describes how to submit bug reports and patches to
|
|
OpenSSL. Information on the OpenSSL mailing lists is available from
|
|
<URL: http://www.openssl.org>.
|
|
|
|
|
|
* Where can I get a compiled version of OpenSSL?
|
|
|
|
You can finder pointers to binary distributions in
|
|
<URL: http://www.openssl.org/related/binaries.html> .
|
|
|
|
Some applications that use OpenSSL are distributed in binary form.
|
|
When using such an application, you don't need to install OpenSSL
|
|
yourself; the application will include the required parts (e.g. DLLs).
|
|
|
|
If you want to build OpenSSL on a Windows system and you don't have
|
|
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
|
|
on how to obtain and install the free GNU C compiler.
|
|
|
|
A number of Linux and *BSD distributions include OpenSSL.
|
|
|
|
|
|
* Why aren't tools like 'autoconf' and 'libtool' used?
|
|
|
|
autoconf will probably be used in future OpenSSL versions. If it was
|
|
less Unix-centric, it might have been used much earlier.
|
|
|
|
* What is an 'engine' version?
|
|
|
|
With version 0.9.6 OpenSSL was extended to interface to external crypto
|
|
hardware. This was realized in a special release '0.9.6-engine'. With
|
|
version 0.9.7 the changes were merged into the main development line,
|
|
so that the special release is no longer necessary.
|
|
|
|
* How do I check the authenticity of the OpenSSL distribution?
|
|
|
|
We provide MD5 digests and ASC signatures of each tarball.
|
|
Use MD5 to check that a tarball from a mirror site is identical:
|
|
|
|
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
|
|
|
|
You can check authenticity using pgp or gpg. You need the OpenSSL team
|
|
member public key used to sign it (download it from a key server, see a
|
|
list of keys at <URL: http://www.openssl.org/about/>). Then
|
|
just do:
|
|
|
|
pgp TARBALL.asc
|
|
|
|
[LEGAL] =======================================================================
|
|
|
|
* Do I need patent licenses to use OpenSSL?
|
|
|
|
The patents section of the README file lists patents that may apply to
|
|
you if you want to use OpenSSL. For information on intellectual
|
|
property rights, please consult a lawyer. The OpenSSL team does not
|
|
offer legal advice.
|
|
|
|
You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
|
|
./config no-idea no-mdc2 no-rc5
|
|
|
|
|
|
* Can I use OpenSSL with GPL software?
|
|
|
|
On many systems including the major Linux and BSD distributions, yes (the
|
|
GPL does not place restrictions on using libraries that are part of the
|
|
normal operating system distribution).
|
|
|
|
On other systems, the situation is less clear. Some GPL software copyright
|
|
holders claim that you infringe on their rights if you use OpenSSL with
|
|
their software on operating systems that don't normally include OpenSSL.
|
|
|
|
If you develop open source software that uses OpenSSL, you may find it
|
|
useful to choose an other license than the GPL, or state explicitly that
|
|
"This program is released under the GPL with the additional exemption that
|
|
compiling, linking, and/or using OpenSSL is allowed." If you are using
|
|
GPL software developed by others, you may want to ask the copyright holder
|
|
for permission to use their software with OpenSSL.
|
|
|
|
|
|
[USER] ========================================================================
|
|
|
|
* Why do I get a "PRNG not seeded" error message?
|
|
|
|
Cryptographic software needs a source of unpredictable data to work
|
|
correctly. Many open source operating systems provide a "randomness
|
|
device" (/dev/urandom or /dev/random) that serves this purpose.
|
|
All OpenSSL versions try to use /dev/urandom by default; starting with
|
|
version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
|
|
available.
|
|
|
|
On other systems, applications have to call the RAND_add() or
|
|
RAND_seed() function with appropriate data before generating keys or
|
|
performing public key encryption. (These functions initialize the
|
|
pseudo-random number generator, PRNG.) Some broken applications do
|
|
not do this. As of version 0.9.5, the OpenSSL functions that need
|
|
randomness report an error if the random number generator has not been
|
|
seeded with at least 128 bits of randomness. If this error occurs and
|
|
is not discussed in the documentation of the application you are
|
|
using, please contact the author of that application; it is likely
|
|
that it never worked correctly. OpenSSL 0.9.5 and later make the
|
|
error visible by refusing to perform potentially insecure encryption.
|
|
|
|
If you are using Solaris 8, you can add /dev/urandom and /dev/random
|
|
devices by installing patch 112438 (Sparc) or 112439 (x86), which are
|
|
available via the Patchfinder at <URL: http://sunsolve.sun.com>
|
|
(Solaris 9 includes these devices by default). For /dev/random support
|
|
for earlier Solaris versions, see Sun's statement at
|
|
<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
|
|
(the SUNWski package is available in patch 105710).
|
|
|
|
On systems without /dev/urandom and /dev/random, it is a good idea to
|
|
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
|
|
details. Starting with version 0.9.7, OpenSSL will automatically look
|
|
for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
|
|
/etc/entropy.
|
|
|
|
Most components of the openssl command line utility automatically try
|
|
to seed the random number generator from a file. The name of the
|
|
default seeding file is determined as follows: If environment variable
|
|
RANDFILE is set, then it names the seeding file. Otherwise if
|
|
environment variable HOME is set, then the seeding file is $HOME/.rnd.
|
|
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
|
|
use file .rnd in the current directory while OpenSSL 0.9.6a uses no
|
|
default seeding file at all. OpenSSL 0.9.6b and later will behave
|
|
similarly to 0.9.6a, but will use a default of "C:\" for HOME on
|
|
Windows systems if the environment variable has not been set.
|
|
|
|
If the default seeding file does not exist or is too short, the "PRNG
|
|
not seeded" error message may occur.
|
|
|
|
The openssl command line utility will write back a new state to the
|
|
default seeding file (and create this file if necessary) unless
|
|
there was no sufficient seeding.
|
|
|
|
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
|
|
Use the "-rand" option of the OpenSSL command line tools instead.
|
|
The $RANDFILE environment variable and $HOME/.rnd are only used by the
|
|
OpenSSL command line tools. Applications using the OpenSSL library
|
|
provide their own configuration options to specify the entropy source,
|
|
please check out the documentation coming the with application.
|
|
|
|
|
|
* Why do I get an "unable to write 'random state'" error message?
|
|
|
|
|
|
Sometimes the openssl command line utility does not abort with
|
|
a "PRNG not seeded" error message, but complains that it is
|
|
"unable to write 'random state'". This message refers to the
|
|
default seeding file (see previous answer). A possible reason
|
|
is that no default filename is known because neither RANDFILE
|
|
nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
|
|
current directory in this case, but this has changed with 0.9.6a.)
|
|
|
|
|
|
* How do I create certificates or certificate requests?
|
|
|
|
Check out the CA.pl(1) manual page. This provides a simple wrapper round
|
|
the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
|
|
out the manual pages for the individual utilities and the certificate
|
|
extensions documentation (currently in doc/openssl.txt).
|
|
|
|
|
|
* Why can't I create certificate requests?
|
|
|
|
You typically get the error:
|
|
|
|
unable to find 'distinguished_name' in config
|
|
problems making Certificate Request
|
|
|
|
This is because it can't find the configuration file. Check out the
|
|
DIAGNOSTICS section of req(1) for more information.
|
|
|
|
|
|
* Why does <SSL program> fail with a certificate verify error?
|
|
|
|
This problem is usually indicated by log messages saying something like
|
|
"unable to get local issuer certificate" or "self signed certificate".
|
|
When a certificate is verified its root CA must be "trusted" by OpenSSL
|
|
this typically means that the CA certificate must be placed in a directory
|
|
or file and the relevant program configured to read it. The OpenSSL program
|
|
'verify' behaves in a similar way and issues similar error messages: check
|
|
the verify(1) program manual page for more information.
|
|
|
|
|
|
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
|
|
|
|
This is almost certainly because you are using an old "export grade" browser
|
|
which only supports weak encryption. Upgrade your browser to support 128 bit
|
|
ciphers.
|
|
|
|
|
|
* How can I create DSA certificates?
|
|
|
|
Check the CA.pl(1) manual page for a DSA certificate example.
|
|
|
|
|
|
* Why can't I make an SSL connection to a server using a DSA certificate?
|
|
|
|
Typically you'll see a message saying there are no shared ciphers when
|
|
the same setup works fine with an RSA certificate. There are two possible
|
|
causes. The client may not support connections to DSA servers most web
|
|
browsers (including Netscape and MSIE) only support connections to servers
|
|
supporting RSA cipher suites. The other cause is that a set of DH parameters
|
|
has not been supplied to the server. DH parameters can be created with the
|
|
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
|
|
check the source to s_server in apps/s_server.c for an example.
|
|
|
|
|
|
* How can I remove the passphrase on a private key?
|
|
|
|
Firstly you should be really *really* sure you want to do this. Leaving
|
|
a private key unencrypted is a major security risk. If you decide that
|
|
you do have to do this check the EXAMPLES sections of the rsa(1) and
|
|
dsa(1) manual pages.
|
|
|
|
|
|
* Why can't I use OpenSSL certificates with SSL client authentication?
|
|
|
|
What will typically happen is that when a server requests authentication
|
|
it will either not include your certificate or tell you that you have
|
|
no client certificates (Netscape) or present you with an empty list box
|
|
(MSIE). The reason for this is that when a server requests a client
|
|
certificate it includes a list of CAs names which it will accept. Browsers
|
|
will only let you select certificates from the list on the grounds that
|
|
there is little point presenting a certificate which the server will
|
|
reject.
|
|
|
|
The solution is to add the relevant CA certificate to your servers "trusted
|
|
CA list". How you do this depends on the server software in uses. You can
|
|
print out the servers list of acceptable CAs using the OpenSSL s_client tool:
|
|
|
|
openssl s_client -connect www.some.host:443 -prexit
|
|
|
|
If your server only requests certificates on certain URLs then you may need
|
|
to manually issue an HTTP GET command to get the list when s_client connects:
|
|
|
|
GET /some/page/needing/a/certificate.html
|
|
|
|
If your CA does not appear in the list then this confirms the problem.
|
|
|
|
|
|
* Why does my browser give a warning about a mismatched hostname?
|
|
|
|
Browsers expect the server's hostname to match the value in the commonName
|
|
(CN) field of the certificate. If it does not then you get a warning.
|
|
|
|
|
|
* How do I install a CA certificate into a browser?
|
|
|
|
The usual way is to send the DER encoded certificate to the browser as
|
|
MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
|
|
link. On MSIE certain extensions such as .der or .cacert may also work, or you
|
|
can import the certificate using the certificate import wizard.
|
|
|
|
You can convert a certificate to DER form using the command:
|
|
|
|
openssl x509 -in ca.pem -outform DER -out ca.der
|
|
|
|
Occasionally someone suggests using a command such as:
|
|
|
|
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
|
|
|
|
DO NOT DO THIS! This command will give away your CAs private key and
|
|
reduces its security to zero: allowing anyone to forge certificates in
|
|
whatever name they choose.
|
|
|
|
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
|
|
|
The ways to print out the oneline format of the DN (Distinguished Name) have
|
|
been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
|
|
interface, the "-nameopt" option could be introduded. See the manual
|
|
page of the "openssl x509" commandline tool for details. The old behaviour
|
|
has however been left as default for the sake of compatibility.
|
|
|
|
* What is a "128 bit certificate"? Can I create one with OpenSSL?
|
|
|
|
The term "128 bit certificate" is a highly misleading marketing term. It does
|
|
*not* refer to the size of the public key in the certificate! A certificate
|
|
containing a 128 bit RSA key would have negligible security.
|
|
|
|
There were various other names such as "magic certificates", "SGC
|
|
certificates", "step up certificates" etc.
|
|
|
|
You can't generally create such a certificate using OpenSSL but there is no
|
|
need to any more. Nowadays web browsers using unrestricted strong encryption
|
|
are generally available.
|
|
|
|
When there were tight restrictions on the export of strong encryption
|
|
software from the US only weak encryption algorithms could be freely exported
|
|
(initially 40 bit and then 56 bit). It was widely recognised that this was
|
|
inadequate. A relaxation of the rules allowed the use of strong encryption but
|
|
only to an authorised server.
|
|
|
|
Two slighly different techniques were developed to support this, one used by
|
|
Netscape was called "step up", the other used by MSIE was called "Server Gated
|
|
Cryptography" (SGC). When a browser initially connected to a server it would
|
|
check to see if the certificate contained certain extensions and was issued by
|
|
an authorised authority. If these test succeeded it would reconnect using
|
|
strong encryption.
|
|
|
|
Only certain (initially one) certificate authorities could issue the
|
|
certificates and they generally cost more than ordinary certificates.
|
|
|
|
Although OpenSSL can create certificates containing the appropriate extensions
|
|
the certificate would not come from a permitted authority and so would not
|
|
be recognized.
|
|
|
|
The export laws were later changed to allow almost unrestricted use of strong
|
|
encryption so these certificates are now obsolete.
|
|
|
|
|
|
* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
|
|
|
|
It doesn't: this extension is often the cause of confusion.
|
|
|
|
Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
|
|
certificate C contains AKID.
|
|
|
|
The purpose of this extension is to identify the authority certificate B. This
|
|
can be done either by including the subject key identifier of B or its issuer
|
|
name and serial number.
|
|
|
|
In this latter case because it is identifying certifcate B it must contain the
|
|
issuer name and serial number of B.
|
|
|
|
It is often wrongly assumed that it should contain the subject name of B. If it
|
|
did this would be redundant information because it would duplicate the issuer
|
|
name of C.
|
|
|
|
|
|
* How can I set up a bundle of commercial root CA certificates?
|
|
|
|
The OpenSSL software is shipped without any root CA certificate as the
|
|
OpenSSL project does not have any policy on including or excluding
|
|
any specific CA and does not intend to set up such a policy. Deciding
|
|
about which CAs to support is up to application developers or
|
|
administrators.
|
|
|
|
Other projects do have other policies so you can for example extract the CA
|
|
bundle used by Mozilla and/or modssl as described in this article:
|
|
|
|
<URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
|
|
|
|
|
|
[BUILD] =======================================================================
|
|
|
|
* Why does the linker complain about undefined symbols?
|
|
|
|
Maybe the compilation was interrupted, and make doesn't notice that
|
|
something is missing. Run "make clean; make".
|
|
|
|
If you used ./Configure instead of ./config, make sure that you
|
|
selected the right target. File formats may differ slightly between
|
|
OS versions (for example sparcv8/sparcv9, or a.out/elf).
|
|
|
|
In case you get errors about the following symbols, use the config
|
|
option "no-asm", as described in INSTALL:
|
|
|
|
BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
|
|
CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
|
|
RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
|
|
bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
|
|
bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
|
|
des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
|
|
des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
|
|
|
|
If none of these helps, you may want to try using the current snapshot.
|
|
If the problem persists, please submit a bug report.
|
|
|
|
|
|
* Why does the OpenSSL test fail with "bc: command not found"?
|
|
|
|
You didn't install "bc", the Unix calculator. If you want to run the
|
|
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
|
|
|
|
|
|
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
|
|
|
|
On some SCO installations or versions, bc has a bug that gets triggered
|
|
when you run the test suite (using "make test"). The message returned is
|
|
"bc: 1 not implemented".
|
|
|
|
The best way to deal with this is to find another implementation of bc
|
|
and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
|
|
for download instructions) can be safely used, for example.
|
|
|
|
|
|
* Why does the OpenSSL test fail with "bc: stack empty"?
|
|
|
|
On some DG/ux versions, bc seems to have a too small stack for calculations
|
|
that the OpenSSL bntest throws at it. This gets triggered when you run the
|
|
test suite (using "make test"). The message returned is "bc: stack empty".
|
|
|
|
The best way to deal with this is to find another implementation of bc
|
|
and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
|
|
for download instructions) can be safely used, for example.
|
|
|
|
|
|
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
|
|
|
|
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
|
|
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
|
|
memory to continue compilation.' As far as the tests have shown, this may be
|
|
a compiler bug. What happens is that it eats up a lot of resident memory
|
|
to build something, probably a table. The problem is clearly in the
|
|
optimization code, because if one eliminates optimization completely (-O0),
|
|
the compilation goes through (and the compiler consumes about 2MB of resident
|
|
memory instead of 240MB or whatever one's limit is currently).
|
|
|
|
There are three options to solve this problem:
|
|
|
|
1. set your current data segment size soft limit higher. Experience shows
|
|
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
|
|
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
|
|
kbytes to set the limit to.
|
|
|
|
2. If you have a hard limit that is lower than what you need and you can't
|
|
get it changed, you can compile all of OpenSSL with -O0 as optimization
|
|
level. This is however not a very nice thing to do for those who expect to
|
|
get the best result from OpenSSL. A bit more complicated solution is the
|
|
following:
|
|
|
|
----- snip:start -----
|
|
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
|
|
sed -e 's/ -O[0-9] / -O0 /'`"
|
|
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
|
|
make
|
|
----- snip:end -----
|
|
|
|
This will only compile sha_dgst.c with -O0, the rest with the optimization
|
|
level chosen by the configuration process. When the above is done, do the
|
|
test and installation and you're set.
|
|
|
|
3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
|
|
should not be used and is not used in SSL/TLS nor any other recognized
|
|
protocol in either case.
|
|
|
|
|
|
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
|
|
|
Getting this message is quite usual on Solaris 2, because Sun has hidden
|
|
away 'ar' and other development commands in directories that aren't in
|
|
$PATH by default. One of those directories is '/usr/ccs/bin'. The
|
|
quickest way to fix this is to do the following (it assumes you use sh
|
|
or any sh-compatible shell):
|
|
|
|
----- snip:start -----
|
|
PATH=${PATH}:/usr/ccs/bin; export PATH
|
|
----- snip:end -----
|
|
|
|
and then redo the compilation. What you should really do is make sure
|
|
'/usr/ccs/bin' is permanently in your $PATH, for example through your
|
|
'.profile' (again, assuming you use a sh-compatible shell).
|
|
|
|
|
|
* Why does the OpenSSL compilation fail on Win32 with VC++?
|
|
|
|
Sometimes, you may get reports from VC++ command line (cl) that it
|
|
can't find standard include files like stdio.h and other weirdnesses.
|
|
One possible cause is that the environment isn't correctly set up.
|
|
To solve that problem for VC++ versions up to 6, one should run
|
|
VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
|
|
installation directory (somewhere under 'Program Files'). For VC++
|
|
version 7 (and up?), which is also called VS.NET, the file is called
|
|
VSVARS32.BAT instead.
|
|
This needs to be done prior to running NMAKE, and the changes are only
|
|
valid for the current DOS session.
|
|
|
|
|
|
* What is special about OpenSSL on Redhat?
|
|
|
|
Red Hat Linux (release 7.0 and later) include a preinstalled limited
|
|
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
|
|
is disabled in this version. The same may apply to other Linux distributions.
|
|
Users may therefore wish to install more or all of the features left out.
|
|
|
|
To do this you MUST ensure that you do not overwrite the openssl that is in
|
|
/usr/bin on your Red Hat machine. Several packages depend on this file,
|
|
including sendmail and ssh. /usr/local/bin is a good alternative choice. The
|
|
libraries that come with Red Hat 7.0 onwards have different names and so are
|
|
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
|
|
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
|
|
/lib/libcrypto.so.2 respectively).
|
|
|
|
Please note that we have been advised by Red Hat attempting to recompile the
|
|
openssl rpm with all the cryptography enabled will not work. All other
|
|
packages depend on the original Red Hat supplied openssl package. It is also
|
|
worth noting that due to the way Red Hat supplies its packages, updates to
|
|
openssl on each distribution never change the package version, only the
|
|
build number. For example, on Red Hat 7.1, the latest openssl package has
|
|
version number 0.9.6 and build number 9 even though it contains all the
|
|
relevant updates in packages up to and including 0.9.6b.
|
|
|
|
A possible way around this is to persuade Red Hat to produce a non-US
|
|
version of Red Hat Linux.
|
|
|
|
FYI: Patent numbers and expiry dates of US patents:
|
|
MDC-2: 4,908,861 13/03/2007
|
|
IDEA: 5,214,703 25/05/2010
|
|
RC5: 5,724,428 03/03/2015
|
|
|
|
|
|
* Why does the OpenSSL compilation fail on MacOS X?
|
|
|
|
If the failure happens when trying to build the "openssl" binary, with
|
|
a large number of undefined symbols, it's very probable that you have
|
|
OpenSSL 0.9.6b delivered with the operating system (you can find out by
|
|
running '/usr/bin/openssl version') and that you were trying to build
|
|
OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
|
|
MacOS X has a misfeature that's quite difficult to go around.
|
|
Look in the file PROBLEMS for a more detailed explanation and for possible
|
|
solutions.
|
|
|
|
|
|
* Why does the OpenSSL test suite fail on MacOS X?
|
|
|
|
If the failure happens when running 'make test' and the RC4 test fails,
|
|
it's very probable that you have OpenSSL 0.9.6b delivered with the
|
|
operating system (you can find out by running '/usr/bin/openssl version')
|
|
and that you were trying to build OpenSSL 0.9.6d. The problem is that
|
|
the loader ('ld') in MacOS X has a misfeature that's quite difficult to
|
|
go around and has linked the programs "openssl" and the test programs
|
|
with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
|
|
libraries you just built.
|
|
Look in the file PROBLEMS for a more detailed explanation and for possible
|
|
solutions.
|
|
|
|
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
|
|
|
|
Failure in BN_sqr test is most likely caused by a failure to configure the
|
|
toolkit for current platform or lack of support for the platform in question.
|
|
Run './config -t' and './apps/openssl version -p'. Do these platform
|
|
identifiers match? If they don't, then you most likely failed to run
|
|
./config and you're hereby advised to do so before filing a bug report.
|
|
If ./config itself fails to run, then it's most likely problem with your
|
|
local environment and you should turn to your system administrator (or
|
|
similar). If identifiers match (and/or no alternative identifier is
|
|
suggested by ./config script), then the platform is unsupported. There might
|
|
or might not be a workaround. Most notably on SPARC64 platforms with GNU
|
|
C compiler you should be able to produce a working build by running
|
|
'./config -m32'. I understand that -m32 might not be what you want/need,
|
|
but the build should be operational. For further details turn to
|
|
<openssl-dev@openssl.org>.
|
|
|
|
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
|
|
|
As of 0.9.7 assembler routines were overhauled for position independence
|
|
of the machine code, which is essential for shared library support. For
|
|
some reason OpenBSD is equipped with an out-of-date GNU assembler which
|
|
finds the new code offensive. To work around the problem, configure with
|
|
no-asm (and sacrifice a great deal of performance) or patch your assembler
|
|
according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
|
|
For your convenience a pre-compiled replacement binary is provided at
|
|
<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
|
|
Reportedly elder *BSD a.out platforms also suffer from this problem and
|
|
remedy should be same. Provided binary is statically linked and should be
|
|
working across wider range of *BSD branches, not just OpenBSD.
|
|
|
|
* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
|
|
|
|
If the test program in question fails withs SIGILL, Illegal Instruction
|
|
exception, then you more than likely to run SSE2-capable CPU, such as
|
|
Intel P4, under control of kernel which does not support SSE2
|
|
instruction extentions. See accompanying INSTALL file and
|
|
OPENSSL_ia32cap(3) documentation page for further information.
|
|
|
|
* Why does compiler fail to compile sha512.c?
|
|
|
|
OpenSSL SHA-512 implementation depends on compiler support for 64-bit
|
|
integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
|
|
couple] lack support for this and therefore are incapable of compiling
|
|
the module in question. The recommendation is to disable SHA-512 by
|
|
adding no-sha512 to ./config [or ./Configure] command line. Another
|
|
possible alternative might be to switch to GCC.
|
|
|
|
* Test suite still fails, what to do?
|
|
|
|
Another common reason for failure to complete some particular test is
|
|
simply bad code generated by a buggy component in toolchain or deficiency
|
|
in run-time environment. There are few cases documented in PROBLEMS file,
|
|
consult it for possible workaround before you beat the drum. Even if you
|
|
don't find solution or even mention there, do reserve for possibility of
|
|
a compiler bug. Compiler bugs might appear in rather bizarre ways, they
|
|
never make sense, and tend to emerge when you least expect them. In order
|
|
to identify one, drop optimization level, e.g. by editing CFLAG line in
|
|
top-level Makefile, recompile and re-run the test.
|
|
|
|
* I think I've found a bug, what should I do?
|
|
|
|
If you are a new user then it is quite likely you haven't found a bug and
|
|
something is happening you aren't familiar with. Check this FAQ, the associated
|
|
documentation and the mailing lists for similar queries. If you are still
|
|
unsure whether it is a bug or not submit a query to the openssl-users mailing
|
|
list.
|
|
|
|
|
|
* I'm SURE I've found a bug, how do I report it?
|
|
|
|
Bug reports with no security implications should be sent to the request
|
|
tracker. This can be done by mailing the report to <rt@openssl.org> (or its
|
|
alias <openssl-bugs@openssl.org>), please note that messages sent to the
|
|
request tracker also appear in the public openssl-dev mailing list.
|
|
|
|
The report should be in plain text. Any patches should be sent as
|
|
plain text attachments because some mailers corrupt patches sent inline.
|
|
If your issue affects multiple versions of OpenSSL check any patches apply
|
|
cleanly and, if possible include patches to each affected version.
|
|
|
|
The report should be given a meaningful subject line briefly summarising the
|
|
issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
|
|
|
|
By sending reports to the request tracker the bug can then be given a priority
|
|
and assigned to the appropriate maintainer. The history of discussions can be
|
|
accessed and if the issue has been addressed or a reason why not. If patches
|
|
are only sent to openssl-dev they can be mislaid if a team member has to
|
|
wade through months of old messages to review the discussion.
|
|
|
|
See also <URL: http://www.openssl.org/support/rt.html>
|
|
|
|
|
|
* I've found a security issue, how do I report it?
|
|
|
|
If you think your bug has security implications then please send it to
|
|
openssl-security@openssl.org if you don't get a prompt reply at least
|
|
acknowledging receipt then resend or mail it directly to one of the
|
|
more active team members (e.g. Steve).
|
|
|
|
[PROG] ========================================================================
|
|
|
|
* Is OpenSSL thread-safe?
|
|
|
|
Yes (with limitations: an SSL connection may not concurrently be used
|
|
by multiple threads). On Windows and many Unix systems, OpenSSL
|
|
automatically uses the multi-threaded versions of the standard
|
|
libraries. If your platform is not one of these, consult the INSTALL
|
|
file.
|
|
|
|
Multi-threaded applications must provide two callback functions to
|
|
OpenSSL by calling CRYPTO_set_locking_callback() and
|
|
CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
|
|
including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
|
|
and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
|
|
and friends. This is described in the threads(3) manpage.
|
|
|
|
* I've compiled a program under Windows and it crashes: why?
|
|
|
|
This is usually because you've missed the comment in INSTALL.W32.
|
|
Your application must link against the same version of the Win32
|
|
C-Runtime against which your openssl libraries were linked. The
|
|
default version for OpenSSL is /MD - "Multithreaded DLL".
|
|
|
|
If you are using Microsoft Visual C++'s IDE (Visual Studio), in
|
|
many cases, your new project most likely defaulted to "Debug
|
|
Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
|
|
program will crash, typically on the first BIO related read or write
|
|
operation.
|
|
|
|
For each of the six possible link stage configurations within Win32,
|
|
your application must link against the same by which OpenSSL was
|
|
built. If you are using MS Visual C++ (Studio) this can be changed
|
|
by:
|
|
|
|
1. Select Settings... from the Project Menu.
|
|
2. Select the C/C++ Tab.
|
|
3. Select "Code Generation from the "Category" drop down list box
|
|
4. Select the Appropriate library (see table below) from the "Use
|
|
run-time library" drop down list box. Perform this step for both
|
|
your debug and release versions of your application (look at the
|
|
top left of the settings panel to change between the two)
|
|
|
|
Single Threaded /ML - MS VC++ often defaults to
|
|
this for the release
|
|
version of a new project.
|
|
Debug Single Threaded /MLd - MS VC++ often defaults to
|
|
this for the debug version
|
|
of a new project.
|
|
Multithreaded /MT
|
|
Debug Multithreaded /MTd
|
|
Multithreaded DLL /MD - OpenSSL defaults to this.
|
|
Debug Multithreaded DLL /MDd
|
|
|
|
Note that debug and release libraries are NOT interchangeable. If you
|
|
built OpenSSL with /MD your application must use /MD and cannot use /MDd.
|
|
|
|
As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
|
|
.DLLs compiled with some specific run-time option [we insist on the
|
|
default /MD] can be deployed with application compiled with different
|
|
option or even different compiler. But there is a catch! Instead of
|
|
re-compiling OpenSSL toolkit, as you would have to with prior versions,
|
|
you have to compile small C snippet with compiler and/or options of
|
|
your choice. The snippet gets installed as
|
|
<install-root>/include/openssl/applink.c and should be either added to
|
|
your application project or simply #include-d in one [and only one]
|
|
of your application source files. Failure to link this shim module
|
|
into your application manifests itself as fatal "no OPENSSL_Applink"
|
|
run-time error. An explicit reminder is due that in this situation
|
|
[mixing compiler options] it is as important to add CRYPTO_malloc_init
|
|
prior first call to OpenSSL.
|
|
|
|
* How do I read or write a DER encoded buffer using the ASN1 functions?
|
|
|
|
You have two options. You can either use a memory BIO in conjunction
|
|
with the i2d_*_bio() or d2i_*_bio() functions or you can use the
|
|
i2d_*(), d2i_*() functions directly. Since these are often the
|
|
cause of grief here are some code fragments using PKCS7 as an example:
|
|
|
|
unsigned char *buf, *p;
|
|
int len;
|
|
|
|
len = i2d_PKCS7(p7, NULL);
|
|
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
|
|
p = buf;
|
|
i2d_PKCS7(p7, &p);
|
|
|
|
At this point buf contains the len bytes of the DER encoding of
|
|
p7.
|
|
|
|
The opposite assumes we already have len bytes in buf:
|
|
|
|
unsigned char *p;
|
|
p = buf;
|
|
p7 = d2i_PKCS7(NULL, &p, len);
|
|
|
|
At this point p7 contains a valid PKCS7 structure of NULL if an error
|
|
occurred. If an error occurred ERR_print_errors(bio) should give more
|
|
information.
|
|
|
|
The reason for the temporary variable 'p' is that the ASN1 functions
|
|
increment the passed pointer so it is ready to read or write the next
|
|
structure. This is often a cause of problems: without the temporary
|
|
variable the buffer pointer is changed to point just after the data
|
|
that has been read or written. This may well be uninitialized data
|
|
and attempts to free the buffer will have unpredictable results
|
|
because it no longer points to the same address.
|
|
|
|
|
|
* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
|
|
|
|
The short answer is yes, because DER is a special case of BER and OpenSSL
|
|
ASN1 decoders can process BER.
|
|
|
|
The longer answer is that ASN1 structures can be encoded in a number of
|
|
different ways. One set of ways is the Basic Encoding Rules (BER) with various
|
|
permissible encodings. A restriction of BER is the Distinguished Encoding
|
|
Rules (DER): these uniquely specify how a given structure is encoded.
|
|
|
|
Therefore, because DER is a special case of BER, DER is an acceptable encoding
|
|
for BER.
|
|
|
|
|
|
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
|
|
|
|
This usually happens when you try compiling something using the PKCS#12
|
|
macros with a C++ compiler. There is hardly ever any need to use the
|
|
PKCS#12 macros in a program, it is much easier to parse and create
|
|
PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
|
|
documented in doc/openssl.txt and with examples in demos/pkcs12. The
|
|
'pkcs12' application has to use the macros because it prints out
|
|
debugging information.
|
|
|
|
|
|
* I've called <some function> and it fails, why?
|
|
|
|
Before submitting a report or asking in one of the mailing lists, you
|
|
should try to determine the cause. In particular, you should call
|
|
ERR_print_errors() or ERR_print_errors_fp() after the failed call
|
|
and see if the message helps. Note that the problem may occur earlier
|
|
than you think -- you should check for errors after every call where
|
|
it is possible, otherwise the actual problem may be hidden because
|
|
some OpenSSL functions clear the error state.
|
|
|
|
|
|
* I just get a load of numbers for the error output, what do they mean?
|
|
|
|
The actual format is described in the ERR_print_errors() manual page.
|
|
You should call the function ERR_load_crypto_strings() before hand and
|
|
the message will be output in text form. If you can't do this (for example
|
|
it is a pre-compiled binary) you can use the errstr utility on the error
|
|
code itself (the hex digits after the second colon).
|
|
|
|
|
|
* Why do I get errors about unknown algorithms?
|
|
|
|
The cause is forgetting to load OpenSSL's table of algorithms with
|
|
OpenSSL_add_all_algorithms(). See the manual page for more information. This
|
|
can cause several problems such as being unable to read in an encrypted
|
|
PEM file, unable to decrypt a PKCS#12 file or signature failure when
|
|
verifying certificates.
|
|
|
|
* Why can't the OpenSSH configure script detect OpenSSL?
|
|
|
|
Several reasons for problems with the automatic detection exist.
|
|
OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
|
|
Sometimes the distribution has installed an older version in the system
|
|
locations that is detected instead of a new one installed. The OpenSSL
|
|
library might have been compiled for another CPU or another mode (32/64 bits).
|
|
Permissions might be wrong.
|
|
|
|
The general answer is to check the config.log file generated when running
|
|
the OpenSSH configure script. It should contain the detailed information
|
|
on why the OpenSSL library was not detected or considered incompatible.
|
|
|
|
|
|
* Can I use OpenSSL's SSL library with non-blocking I/O?
|
|
|
|
Yes; make sure to read the SSL_get_error(3) manual page!
|
|
|
|
A pitfall to avoid: Don't assume that SSL_read() will just read from
|
|
the underlying transport or that SSL_write() will just write to it --
|
|
it is also possible that SSL_write() cannot do any useful work until
|
|
there is data to read, or that SSL_read() cannot do anything until it
|
|
is possible to send data. One reason for this is that the peer may
|
|
request a new TLS/SSL handshake at any time during the protocol,
|
|
requiring a bi-directional message exchange; both SSL_read() and
|
|
SSL_write() will try to continue any pending handshake.
|
|
|
|
|
|
* Why doesn't my server application receive a client certificate?
|
|
|
|
Due to the TLS protocol definition, a client will only send a certificate,
|
|
if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
|
|
SSL_CTX_set_verify() function to enable the use of client certificates.
|
|
|
|
|
|
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
|
|
|
|
For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
|
|
versions, uniqueIdentifier was incorrectly used for X.509 certificates.
|
|
The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
|
|
Change your code to use the new name when compiling against OpenSSL 0.9.7.
|
|
|
|
|
|
* I think I've detected a memory leak, is this a bug?
|
|
|
|
In most cases the cause of an apparent memory leak is an OpenSSL internal table
|
|
that is allocated when an application starts up. Since such tables do not grow
|
|
in size over time they are harmless.
|
|
|
|
These internal tables can be freed up when an application closes using various
|
|
functions. Currently these include following:
|
|
|
|
Thread-local cleanup functions:
|
|
|
|
ERR_remove_state()
|
|
|
|
Application-global cleanup functions that are aware of usage (and therefore
|
|
thread-safe):
|
|
|
|
ENGINE_cleanup() and CONF_modules_unload()
|
|
|
|
"Brutal" (thread-unsafe) Application-global cleanup functions:
|
|
|
|
ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
|
|
|
|
|
|
* Why does Valgrind complain about the use of uninitialized data?
|
|
|
|
When OpenSSL's PRNG routines are called to generate random numbers the supplied
|
|
buffer contents are mixed into the entropy pool: so it technically does not
|
|
matter whether the buffer is initialized at this point or not. Valgrind (and
|
|
other test tools) will complain about this. When using Valgrind, make sure the
|
|
OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
|
|
to get rid of these warnings.
|
|
|
|
|
|
* Why doesn't a memory BIO work when a file does?
|
|
|
|
This can occur in several cases for example reading an S/MIME email message.
|
|
The reason is that a memory BIO can do one of two things when all the data
|
|
has been read from it.
|
|
|
|
The default behaviour is to indicate that no more data is available and that
|
|
the call should be retried, this is to allow the application to fill up the BIO
|
|
again if necessary.
|
|
|
|
Alternatively it can indicate that no more data is available and that EOF has
|
|
been reached.
|
|
|
|
If a memory BIO is to behave in the same way as a file this second behaviour
|
|
is needed. This must be done by calling:
|
|
|
|
BIO_set_mem_eof_return(bio, 0);
|
|
|
|
See the manual pages for more details.
|
|
|
|
|
|
* Where are the declarations and implementations of d2i_X509() etc?
|
|
|
|
These are defined and implemented by macros of the form:
|
|
|
|
|
|
DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
|
|
|
|
The implementation passes an ASN1 "template" defining the structure into an
|
|
ASN1 interpreter using generalised functions such as ASN1_item_d2i().
|
|
|
|
|
|
===============================================================================
|
|
|