1 | OpenSSL - Frequently Asked Questions |
---|
2 | -------------------------------------- |
---|
3 | |
---|
4 | * Which is the current version of OpenSSL? |
---|
5 | * Where is the documentation? |
---|
6 | * How can I contact the OpenSSL developers? |
---|
7 | * Do I need patent licenses to use OpenSSL? |
---|
8 | * Is OpenSSL thread-safe? |
---|
9 | * Why do I get a "PRNG not seeded" error message? |
---|
10 | * Why does the linker complain about undefined symbols? |
---|
11 | * Where can I get a compiled version of OpenSSL? |
---|
12 | * I've compiled a program under Windows and it crashes: why? |
---|
13 | * How do I read or write a DER encoded buffer using the ASN1 functions? |
---|
14 | * I've tried using <M_some_evil_pkcs12_macro> and I get errors why? |
---|
15 | * I've called <some function> and it fails, why? |
---|
16 | * I just get a load of numbers for the error output, what do they mean? |
---|
17 | * Why do I get errors about unknown algorithms? |
---|
18 | * How do I create certificates or certificate requests? |
---|
19 | * Why can't I create certificate requests? |
---|
20 | * Why does <SSL program> fail with a certificate verify error? |
---|
21 | * Why can I only use weak ciphers when I connect to a server using OpenSSL? |
---|
22 | * How can I create DSA certificates? |
---|
23 | * Why can't I make an SSL connection using a DSA certificate? |
---|
24 | * How can I remove the passphrase on a private key? |
---|
25 | * Why can't the OpenSSH configure script detect OpenSSL? |
---|
26 | * Why does the OpenSSL test fail with "bc: command not found"? |
---|
27 | * Why does the OpenSSL test fail with "bc: 1 no implemented"? |
---|
28 | * Why does the OpenSSL compilation fail on Alpha True64 Unix? |
---|
29 | * Why does the OpenSSL compilation fail with "ar: command not found"? |
---|
30 | |
---|
31 | |
---|
32 | * Which is the current version of OpenSSL? |
---|
33 | |
---|
34 | The current version is available from <URL: http://www.openssl.org>. |
---|
35 | OpenSSL 0.9.6 was released on September 24th, 2000. |
---|
36 | |
---|
37 | In addition to the current stable release, you can also access daily |
---|
38 | snapshots of the OpenSSL development version at <URL: |
---|
39 | ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. |
---|
40 | |
---|
41 | |
---|
42 | * Where is the documentation? |
---|
43 | |
---|
44 | OpenSSL is a library that provides cryptographic functionality to |
---|
45 | applications such as secure web servers. Be sure to read the |
---|
46 | documentation of the application you want to use. The INSTALL file |
---|
47 | explains how to install this library. |
---|
48 | |
---|
49 | OpenSSL includes a command line utility that can be used to perform a |
---|
50 | variety of cryptographic functions. It is described in the openssl(1) |
---|
51 | manpage. Documentation for developers is currently being written. A |
---|
52 | few manual pages already are available; overviews over libcrypto and |
---|
53 | libssl are given in the crypto(3) and ssl(3) manpages. |
---|
54 | |
---|
55 | The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a |
---|
56 | different directory if you specified one as described in INSTALL). |
---|
57 | In addition, you can read the most current versions at |
---|
58 | <URL: http://www.openssl.org/docs/>. |
---|
59 | |
---|
60 | For information on parts of libcrypto that are not yet documented, you |
---|
61 | might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's |
---|
62 | predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much |
---|
63 | of this still applies to OpenSSL. |
---|
64 | |
---|
65 | There is some documentation about certificate extensions and PKCS#12 |
---|
66 | in doc/openssl.txt |
---|
67 | |
---|
68 | The original SSLeay documentation is included in OpenSSL as |
---|
69 | doc/ssleay.txt. It may be useful when none of the other resources |
---|
70 | help, but please note that it reflects the obsolete version SSLeay |
---|
71 | 0.6.6. |
---|
72 | |
---|
73 | |
---|
74 | * How can I contact the OpenSSL developers? |
---|
75 | |
---|
76 | The README file describes how to submit bug reports and patches to |
---|
77 | OpenSSL. Information on the OpenSSL mailing lists is available from |
---|
78 | <URL: http://www.openssl.org>. |
---|
79 | |
---|
80 | |
---|
81 | * Do I need patent licenses to use OpenSSL? |
---|
82 | |
---|
83 | The patents section of the README file lists patents that may apply to |
---|
84 | you if you want to use OpenSSL. For information on intellectual |
---|
85 | property rights, please consult a lawyer. The OpenSSL team does not |
---|
86 | offer legal advice. |
---|
87 | |
---|
88 | You can configure OpenSSL so as not to use RC5 and IDEA by using |
---|
89 | ./config no-rc5 no-idea |
---|
90 | |
---|
91 | |
---|
92 | * Is OpenSSL thread-safe? |
---|
93 | |
---|
94 | Yes (with limitations: an SSL connection may not concurrently be used |
---|
95 | by multiple threads). On Windows and many Unix systems, OpenSSL |
---|
96 | automatically uses the multi-threaded versions of the standard |
---|
97 | libraries. If your platform is not one of these, consult the INSTALL |
---|
98 | file. |
---|
99 | |
---|
100 | Multi-threaded applications must provide two callback functions to |
---|
101 | OpenSSL. This is described in the threads(3) manpage. |
---|
102 | |
---|
103 | |
---|
104 | * Why do I get a "PRNG not seeded" error message? |
---|
105 | |
---|
106 | Cryptographic software needs a source of unpredictable data to work |
---|
107 | correctly. Many open source operating systems provide a "randomness |
---|
108 | device" that serves this purpose. On other systems, applications have |
---|
109 | to call the RAND_add() or RAND_seed() function with appropriate data |
---|
110 | before generating keys or performing public key encryption. |
---|
111 | |
---|
112 | Some broken applications do not do this. As of version 0.9.5, the |
---|
113 | OpenSSL functions that need randomness report an error if the random |
---|
114 | number generator has not been seeded with at least 128 bits of |
---|
115 | randomness. If this error occurs, please contact the author of the |
---|
116 | application you are using. It is likely that it never worked |
---|
117 | correctly. OpenSSL 0.9.5 and later make the error visible by refusing |
---|
118 | to perform potentially insecure encryption. |
---|
119 | |
---|
120 | On systems without /dev/urandom, it is a good idea to use the Entropy |
---|
121 | Gathering Demon; see the RAND_egd() manpage for details. |
---|
122 | |
---|
123 | Most components of the openssl command line tool try to use the |
---|
124 | file $HOME/.rnd (or $RANDFILE, if this environment variable is set) |
---|
125 | for seeding the PRNG. If this file does not exist or is too short, |
---|
126 | the "PRNG not seeded" error message may occur. |
---|
127 | |
---|
128 | [Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version |
---|
129 | 0.9.5 does not do this and will fail on systems without /dev/urandom |
---|
130 | when trying to password-encrypt an RSA key! This is a bug in the |
---|
131 | library; try a later version instead.] |
---|
132 | |
---|
133 | For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested |
---|
134 | installing the SUNski package from Sun patch 105710-01 (Sparc) which |
---|
135 | adds a /dev/random device and make sure it gets used, usually through |
---|
136 | $RANDFILE. There are probably similar patches for the other Solaris |
---|
137 | versions. However, be warned that /dev/random is usually a blocking |
---|
138 | device, which may have some effects on OpenSSL. |
---|
139 | |
---|
140 | |
---|
141 | * Why does the linker complain about undefined symbols? |
---|
142 | |
---|
143 | Maybe the compilation was interrupted, and make doesn't notice that |
---|
144 | something is missing. Run "make clean; make". |
---|
145 | |
---|
146 | If you used ./Configure instead of ./config, make sure that you |
---|
147 | selected the right target. File formats may differ slightly between |
---|
148 | OS versions (for example sparcv8/sparcv9, or a.out/elf). |
---|
149 | |
---|
150 | In case you get errors about the following symbols, use the config |
---|
151 | option "no-asm", as described in INSTALL: |
---|
152 | |
---|
153 | BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, |
---|
154 | CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, |
---|
155 | RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, |
---|
156 | bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, |
---|
157 | bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, |
---|
158 | des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, |
---|
159 | des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order |
---|
160 | |
---|
161 | If none of these helps, you may want to try using the current snapshot. |
---|
162 | If the problem persists, please submit a bug report. |
---|
163 | |
---|
164 | |
---|
165 | * Where can I get a compiled version of OpenSSL? |
---|
166 | |
---|
167 | Some applications that use OpenSSL are distributed in binary form. |
---|
168 | When using such an application, you don't need to install OpenSSL |
---|
169 | yourself; the application will include the required parts (e.g. DLLs). |
---|
170 | |
---|
171 | If you want to install OpenSSL on a Windows system and you don't have |
---|
172 | a C compiler, read the "Mingw32" section of INSTALL.W32 for information |
---|
173 | on how to obtain and install the free GNU C compiler. |
---|
174 | |
---|
175 | A number of Linux and *BSD distributions include OpenSSL. |
---|
176 | |
---|
177 | |
---|
178 | * I've compiled a program under Windows and it crashes: why? |
---|
179 | |
---|
180 | This is usually because you've missed the comment in INSTALL.W32. You |
---|
181 | must link with the multithreaded DLL version of the VC++ runtime library |
---|
182 | otherwise the conflict will cause a program to crash: typically on the |
---|
183 | first BIO related read or write operation. |
---|
184 | |
---|
185 | |
---|
186 | * How do I read or write a DER encoded buffer using the ASN1 functions? |
---|
187 | |
---|
188 | You have two options. You can either use a memory BIO in conjunction |
---|
189 | with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the |
---|
190 | i2d_XXX(), d2i_XXX() functions directly. Since these are often the |
---|
191 | cause of grief here are some code fragments using PKCS7 as an example: |
---|
192 | |
---|
193 | unsigned char *buf, *p; |
---|
194 | int len; |
---|
195 | |
---|
196 | len = i2d_PKCS7(p7, NULL); |
---|
197 | buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ |
---|
198 | p = buf; |
---|
199 | i2d_PKCS7(p7, &p); |
---|
200 | |
---|
201 | At this point buf contains the len bytes of the DER encoding of |
---|
202 | p7. |
---|
203 | |
---|
204 | The opposite assumes we already have len bytes in buf: |
---|
205 | |
---|
206 | unsigned char *p; |
---|
207 | p = buf; |
---|
208 | p7 = d2i_PKCS7(NULL, &p, len); |
---|
209 | |
---|
210 | At this point p7 contains a valid PKCS7 structure of NULL if an error |
---|
211 | occurred. If an error occurred ERR_print_errors(bio) should give more |
---|
212 | information. |
---|
213 | |
---|
214 | The reason for the temporary variable 'p' is that the ASN1 functions |
---|
215 | increment the passed pointer so it is ready to read or write the next |
---|
216 | structure. This is often a cause of problems: without the temporary |
---|
217 | variable the buffer pointer is changed to point just after the data |
---|
218 | that has been read or written. This may well be uninitialized data |
---|
219 | and attempts to free the buffer will have unpredictable results |
---|
220 | because it no longer points to the same address. |
---|
221 | |
---|
222 | |
---|
223 | * I've tried using <M_some_evil_pkcs12_macro> and I get errors why? |
---|
224 | |
---|
225 | This usually happens when you try compiling something using the PKCS#12 |
---|
226 | macros with a C++ compiler. There is hardly ever any need to use the |
---|
227 | PKCS#12 macros in a program, it is much easier to parse and create |
---|
228 | PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions |
---|
229 | documented in doc/openssl.txt and with examples in demos/pkcs12. The |
---|
230 | 'pkcs12' application has to use the macros because it prints out |
---|
231 | debugging information. |
---|
232 | |
---|
233 | |
---|
234 | * I've called <some function> and it fails, why? |
---|
235 | |
---|
236 | Before submitting a report or asking in one of the mailing lists, you |
---|
237 | should try to determine the cause. In particular, you should call |
---|
238 | ERR_print_errors() or ERR_print_errors_fp() after the failed call |
---|
239 | and see if the message helps. Note that the problem may occur earlier |
---|
240 | than you think -- you should check for errors after every call where |
---|
241 | it is possible, otherwise the actual problem may be hidden because |
---|
242 | some OpenSSL functions clear the error state. |
---|
243 | |
---|
244 | |
---|
245 | * I just get a load of numbers for the error output, what do they mean? |
---|
246 | |
---|
247 | The actual format is described in the ERR_print_errors() manual page. |
---|
248 | You should call the function ERR_load_crypto_strings() before hand and |
---|
249 | the message will be output in text form. If you can't do this (for example |
---|
250 | it is a pre-compiled binary) you can use the errstr utility on the error |
---|
251 | code itself (the hex digits after the second colon). |
---|
252 | |
---|
253 | |
---|
254 | * Why do I get errors about unknown algorithms? |
---|
255 | |
---|
256 | This can happen under several circumstances such as reading in an |
---|
257 | encrypted private key or attempting to decrypt a PKCS#12 file. The cause |
---|
258 | is forgetting to load OpenSSL's table of algorithms with |
---|
259 | OpenSSL_add_all_algorithms(). See the manual page for more information. |
---|
260 | |
---|
261 | |
---|
262 | * How do I create certificates or certificate requests? |
---|
263 | |
---|
264 | Check out the CA.pl(1) manual page. This provides a simple wrapper round |
---|
265 | the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check |
---|
266 | out the manual pages for the individual utilities and the certificate |
---|
267 | extensions documentation (currently in doc/openssl.txt). |
---|
268 | |
---|
269 | |
---|
270 | * Why can't I create certificate requests? |
---|
271 | |
---|
272 | You typically get the error: |
---|
273 | |
---|
274 | unable to find 'distinguished_name' in config |
---|
275 | problems making Certificate Request |
---|
276 | |
---|
277 | This is because it can't find the configuration file. Check out the |
---|
278 | DIAGNOSTICS section of req(1) for more information. |
---|
279 | |
---|
280 | |
---|
281 | * Why does <SSL program> fail with a certificate verify error? |
---|
282 | |
---|
283 | This problem is usually indicated by log messages saying something like |
---|
284 | "unable to get local issuer certificate" or "self signed certificate". |
---|
285 | When a certificate is verified its root CA must be "trusted" by OpenSSL |
---|
286 | this typically means that the CA certificate must be placed in a directory |
---|
287 | or file and the relevant program configured to read it. The OpenSSL program |
---|
288 | 'verify' behaves in a similar way and issues similar error messages: check |
---|
289 | the verify(1) program manual page for more information. |
---|
290 | |
---|
291 | |
---|
292 | * Why can I only use weak ciphers when I connect to a server using OpenSSL? |
---|
293 | |
---|
294 | This is almost certainly because you are using an old "export grade" browser |
---|
295 | which only supports weak encryption. Upgrade your browser to support 128 bit |
---|
296 | ciphers. |
---|
297 | |
---|
298 | |
---|
299 | * How can I create DSA certificates? |
---|
300 | |
---|
301 | Check the CA.pl(1) manual page for a DSA certificate example. |
---|
302 | |
---|
303 | |
---|
304 | * Why can't I make an SSL connection to a server using a DSA certificate? |
---|
305 | |
---|
306 | Typically you'll see a message saying there are no shared ciphers when |
---|
307 | the same setup works fine with an RSA certificate. There are two possible |
---|
308 | causes. The client may not support connections to DSA servers most web |
---|
309 | browsers (including Netscape and MSIE) only support connections to servers |
---|
310 | supporting RSA cipher suites. The other cause is that a set of DH parameters |
---|
311 | has not been supplied to the server. DH parameters can be created with the |
---|
312 | dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: |
---|
313 | check the source to s_server in apps/s_server.c for an example. |
---|
314 | |
---|
315 | |
---|
316 | * How can I remove the passphrase on a private key? |
---|
317 | |
---|
318 | Firstly you should be really *really* sure you want to do this. Leaving |
---|
319 | a private key unencrypted is a major security risk. If you decide that |
---|
320 | you do have to do this check the EXAMPLES sections of the rsa(1) and |
---|
321 | dsa(1) manual pages. |
---|
322 | |
---|
323 | |
---|
324 | * Why can't the OpenSSH configure script detect OpenSSL? |
---|
325 | |
---|
326 | There is a problem with OpenSSH 1.2.2p1, in that the configure script |
---|
327 | can't find the installed OpenSSL libraries. The problem is actually |
---|
328 | a small glitch that is easily solved with the following patch to be |
---|
329 | applied to the OpenSSH distribution: |
---|
330 | |
---|
331 | ----- snip:start ----- |
---|
332 | --- openssh-1.2.2p1/configure.in.orig Thu Mar 23 18:56:58 2000 |
---|
333 | +++ openssh-1.2.2p1/configure.in Thu Mar 23 18:55:05 2000 |
---|
334 | @@ -152,10 +152,10 @@ |
---|
335 | AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) |
---|
336 | for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do |
---|
337 | if test ! -z "$ssldir" ; then |
---|
338 | - LIBS="$saved_LIBS -L$ssldir" |
---|
339 | + LIBS="$saved_LIBS -L$ssldir/lib" |
---|
340 | CFLAGS="$CFLAGS -I$ssldir/include" |
---|
341 | if test "x$need_dash_r" = "x1" ; then |
---|
342 | - LIBS="$LIBS -R$ssldir" |
---|
343 | + LIBS="$LIBS -R$ssldir/lib" |
---|
344 | fi |
---|
345 | fi |
---|
346 | LIBS="$LIBS -lcrypto" |
---|
347 | --- openssh-1.2.2p1/configure.orig Thu Mar 23 18:55:02 2000 |
---|
348 | +++ openssh-1.2.2p1/configure Thu Mar 23 18:57:08 2000 |
---|
349 | @@ -1890,10 +1890,10 @@ |
---|
350 | echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5 |
---|
351 | for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do |
---|
352 | if test ! -z "$ssldir" ; then |
---|
353 | - LIBS="$saved_LIBS -L$ssldir" |
---|
354 | + LIBS="$saved_LIBS -L$ssldir/lib" |
---|
355 | CFLAGS="$CFLAGS -I$ssldir/include" |
---|
356 | if test "x$need_dash_r" = "x1" ; then |
---|
357 | - LIBS="$LIBS -R$ssldir" |
---|
358 | + LIBS="$LIBS -R$ssldir/lib" |
---|
359 | fi |
---|
360 | fi |
---|
361 | LIBS="$LIBS -lcrypto" |
---|
362 | ----- snip:end ----- |
---|
363 | |
---|
364 | |
---|
365 | * Why does the OpenSSL test fail with "bc: command not found"? |
---|
366 | |
---|
367 | You didn't install "bc", the Unix calculator. If you want to run the |
---|
368 | tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. |
---|
369 | |
---|
370 | |
---|
371 | * Why does the OpenSSL test fail with "bc: 1 no implemented"? |
---|
372 | |
---|
373 | On some SCO installations or versions, bc has a bug that gets triggered when |
---|
374 | you run the test suite (using "make test"). The message returned is "bc: |
---|
375 | 1 not implemented". The best way to deal with this is to find another |
---|
376 | implementation of bc and compile/install it. For example, GNU bc (see |
---|
377 | http://www.gnu.org/software/software.html for download instructions) can |
---|
378 | be safely used. |
---|
379 | |
---|
380 | |
---|
381 | * Why does the OpenSSL compilation fail on Alpha True64 Unix? |
---|
382 | |
---|
383 | On some Alpha installations running True64 Unix and Compaq C, the compilation |
---|
384 | of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual |
---|
385 | memory to continue compilation.' As far as the tests have shown, this may be |
---|
386 | a compiler bug. What happens is that it eats up a lot of resident memory |
---|
387 | to build something, probably a table. The problem is clearly in the |
---|
388 | optimization code, because if one eliminates optimization completely (-O0), |
---|
389 | the compilation goes through (and the compiler consumes about 2MB of resident |
---|
390 | memory instead of 240MB or whatever one's limit is currently). |
---|
391 | |
---|
392 | There are three options to solve this problem: |
---|
393 | |
---|
394 | 1. set your current data segment size soft limit higher. Experience shows |
---|
395 | that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do |
---|
396 | this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of |
---|
397 | kbytes to set the limit to. |
---|
398 | |
---|
399 | 2. If you have a hard limit that is lower than what you need and you can't |
---|
400 | get it changed, you can compile all of OpenSSL with -O0 as optimization |
---|
401 | level. This is however not a very nice thing to do for those who expect to |
---|
402 | get the best result from OpenSSL. A bit more complicated solution is the |
---|
403 | following: |
---|
404 | |
---|
405 | ----- snip:start ----- |
---|
406 | make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ |
---|
407 | sed -e 's/ -O[0-9] / -O0 /'`" |
---|
408 | rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` |
---|
409 | make |
---|
410 | ----- snip:end ----- |
---|
411 | |
---|
412 | This will only compile sha_dgst.c with -O0, the rest with the optimization |
---|
413 | level chosen by the configuration process. When the above is done, do the |
---|
414 | test and installation and you're set. |
---|
415 | |
---|
416 | |
---|
417 | * Why does the OpenSSL compilation fail with "ar: command not found"? |
---|
418 | |
---|
419 | Getting this message is quite usual on Solaris 2, because Sun has hidden |
---|
420 | away 'ar' and other development commands in directories that aren't in |
---|
421 | $PATH by default. One of those directories is '/usr/ccs/bin'. The |
---|
422 | quickest way to fix this is to do the following (it assumes you use sh |
---|
423 | or any sh-compatible shell): |
---|
424 | |
---|
425 | ----- snip:start ----- |
---|
426 | PATH=${PATH}:/usr/ccs/bin; export PATH |
---|
427 | ----- snip:end ----- |
---|
428 | |
---|
429 | and then redo the compilation. What you should really do is make sure |
---|
430 | '/usr/ccs/bin' is permanently in your $PATH, for example through your |
---|
431 | '.profile' (again, assuming you use a sh-compatible shell). |
---|
432 | |
---|