From acc9938ba5aa32fc382399e9a8cbd3a0dea91b34 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 7 Apr 2010 13:18:30 +0000 Subject: Add SHA2 algorithms to SSL_library_init(). Although these aren't used directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_algorithms() will fail when verifying certificates. Update docs. --- doc/ssl/SSL_library_init.pod | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod index e7fbefbfac..8766776fea 100644 --- a/doc/ssl/SSL_library_init.pod +++ b/doc/ssl/SSL_library_init.pod @@ -27,25 +27,28 @@ SSL_library_init() is not reentrant. =head1 WARNING -SSL_library_init() mainly adds ciphers and digests used directly by SSL/TLS. -In some cases this is not sufficient and errors about unknown algorithms -will occur: for example when an attempt is made to use a certificate using -SHA256. This can be resolved by also calling OpenSSL_add_all_algorithms(). +SSL_library_init() adds ciphers and digests used directly and indirectly by +SSL/TLS. =head1 EXAMPLES A typical TLS/SSL application will start with the library initialization, -will provide readable error messages and will seed the PRNG. +and provide readable error messages. SSL_load_error_strings(); /* readable error messages */ SSL_library_init(); /* initialize library */ - actions_to_seed_PRNG(); =head1 RETURN VALUES SSL_library_init() always returns "1", so it is safe to discard the return value. +=head1 NOTES + +OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). +Applications which need to use SHA2 in earlier versions of OpenSSL should call +OpenSSL_add_all_algorithms() as well. + =head1 SEE ALSO L, L, -- cgit v1.2.3
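Review bot: In the WARNING section the replacement text drops the failure symptom (errors about unknown algorithms when a SHA256 certificate is used) and leaves only "adds ciphers and digests used directly and indirectly by SSL/TLS", while the condition under which that failure still occurs is moved to the new NOTES section further down. A reader on a release earlier than 0.9.8o or 1.0.0a who stops at WARNING will conclude that SSL_library_init() alone is sufficient and will hit certificate verification failures with no hint of the cause. I would keep the symptom and the OpenSSL_add_all_algorithms() remedy under WARNING, qualified by the version numbers now given in NOTES, or drop the WARNING heading if the section is no longer meant to warn about anything. "Directly and indirectly" is also vague; naming the SHA2 digests there, as NOTES does, would say what actually changed. Separately, the EXAMPLES part of the hunk removes "will seed the PRNG" and the actions_to_seed_PRNG(); line, which the commit message covers only with "Update docs" and which has nothing to do with SHA2. Since an application's example no longer shows any seeding step, that removal deserves its own commit or at least a sentence in the message explaining why the step is no longer needed.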