diff options
| -rw-r--r-- | CHANGES | 2 | ||||
| -rw-r--r-- | FAQ | 9 | ||||
| -rw-r--r-- | NEWS | 1 |
3 files changed, 12 insertions, 0 deletions
@@ -113,6 +113,8 @@ form for "surname", serialNumber has no short form. Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; therefore remove "mail" short name for "internet 7". + The OID for unique identifiers in X509 certificates is + x500UniqueIdentifier, not uniqueIdentifier. Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>) [Lutz Jaenicke] @@ -52,6 +52,7 @@ OpenSSL - Frequently Asked Questions * Why can't the OpenSSH configure script detect OpenSSL? * Can I use OpenSSL's SSL library with non-blocking I/O? * Why doesn't my server application receive a client certificate? +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? =============================================================================== @@ -624,5 +625,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the SSL_CTX_set_verify() function to enable the use of client certificates. +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? + +For OpenSSL 0.9.7 the OID table was extended and corrected. uniqueIdentifier +was incorrectly used for X.509 certificates. The correct name according to +RFC2256 (LDAP) is x500UniqueIdentifier. Change your code to use the new +name when compiling against OpenSSL 0.9.7. + + =============================================================================== @@ -31,6 +31,7 @@ o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. + o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. |