diff options
| -rw-r--r-- | FAQ | 10 | ||||
| -rw-r--r-- | doc/crypto/ASN1_generate_nconf.pod | 13 |
2 files changed, 14 insertions, 9 deletions
@@ -823,11 +823,11 @@ code itself (the hex digits after the second colon). * Why do I get errors about unknown algorithms? -This can happen under several circumstances such as reading in an -encrypted private key or attempting to decrypt a PKCS#12 file. The cause -is forgetting to load OpenSSL's table of algorithms with -OpenSSL_add_all_algorithms(). See the manual page for more information. - +The cause is forgetting to load OpenSSL's table of algorithms with +OpenSSL_add_all_algorithms(). See the manual page for more information. This +can cause several problems such as being unable to read in an encrypted +PEM file, unable to decrypt a PKCS#12 file or signature failure when +verifying certificates. * Why can't the OpenSSH configure script detect OpenSSL? diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index 60867d951a..1157cff510 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -151,10 +151,11 @@ bits is set to zero. This specifies the format of the ultimate value. It should be followed by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>. -If no format specifier is included then B<ASCII> is used. If B<UTF8> is specified -then the value string must be a valid B<UTF8> string. For B<HEX> the output must -be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a -comma separated list of set bits. +If no format specifier is included then B<ASCII> is used. If B<UTF8> is +specified then the value string must be a valid B<UTF8> string. For B<HEX> the +output must be a set of hex digits. B<BITLIST> (which is only valid for a BIT +STRING) is a comma separated list of the indices of the set bits, all other +bits are zero. =back @@ -172,6 +173,10 @@ An IA5String explicitly tagged using APPLICATION tagging: EXPLICIT:0A,IA5STRING:Hello World +A BITSTRING with bits 1 and 5 set and all others zero: + + FORMAT=BITLIST,BITSTRING:1,5 + A more complex example using a config file to produce a SEQUENCE consiting of a BOOL an OID and a UTF8String: |