diff options
Diffstat (limited to 'openssl/FAQ')
-rw-r--r-- | openssl/FAQ | 53 |
1 files changed, 48 insertions, 5 deletions
diff --git a/openssl/FAQ b/openssl/FAQ index becee6663..50e931408 100644 --- a/openssl/FAQ +++ b/openssl/FAQ @@ -52,6 +52,9 @@ OpenSSL - Frequently Asked Questions * Why does the OpenSSL test suite fail in sha512t on x86 CPU? * Why does compiler fail to compile sha512.c? * Test suite still fails, what to do? +* I think I've found a bug, what should I do? +* I'm SURE I've found a bug, how do I report it? +* I've found a security issue, how do I report it? [PROG] Questions about programming with OpenSSL @@ -79,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0a was released on Jun 1st, 2010. +OpenSSL 1.0.0c was released on Dec 2nd, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -131,7 +134,7 @@ OpenSSL. Information on the OpenSSL mailing lists is available from * Where can I get a compiled version of OpenSSL? You can finder pointers to binary distributions in -http://www.openssl.org/related/binaries.html . +<URL: http://www.openssl.org/related/binaries.html> . Some applications that use OpenSSL are distributed in binary form. When using such an application, you don't need to install OpenSSL @@ -463,7 +466,7 @@ administrators. Other projects do have other policies so you can for example extract the CA bundle used by Mozilla and/or modssl as described in this article: - http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html + <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html> [BUILD] ======================================================================= @@ -505,7 +508,7 @@ when you run the test suite (using "make test"). The message returned is "bc: 1 not implemented". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> for download instructions) can be safely used, for example. @@ -516,7 +519,7 @@ that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> for download instructions) can be safely used, for example. @@ -709,6 +712,46 @@ never make sense, and tend to emerge when you least expect them. In order to identify one, drop optimization level, e.g. by editing CFLAG line in top-level Makefile, recompile and re-run the test. +* I think I've found a bug, what should I do? + +If you are a new user then it is quite likely you haven't found a bug and +something is happening you aren't familiar with. Check this FAQ, the associated +documentation and the mailing lists for similar queries. If you are still +unsure whether it is a bug or not submit a query to the openssl-users mailing +list. + + +* I'm SURE I've found a bug, how do I report it? + +Bug reports with no security implications should be sent to the request +tracker. This can be done by mailing the report to <rt@openssl.org> (or its +alias <openssl-bugs@openssl.org>), please note that messages sent to the +request tracker also appear in the public openssl-dev mailing list. + +The report should be in plain text. Any patches should be sent as +plain text attachments because some mailers corrupt patches sent inline. +If your issue affects multiple versions of OpenSSL check any patches apply +cleanly and, if possible include patches to each affected version. + +The report should be given a meaningful subject line briefly summarising the +issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. + +By sending reports to the request tracker the bug can then be given a priority +and assigned to the appropriate maintainer. The history of discussions can be +accessed and if the issue has been addressed or a reason why not. If patches +are only sent to openssl-dev they can be mislaid if a team member has to +wade through months of old messages to review the discussion. + +See also <URL: http://www.openssl.org/support/rt.html> + + +* I've found a security issue, how do I report it? + +If you think your bug has security implications then please send it to +openssl-security@openssl.org if you don't get a prompt reply at least +acknowledging receipt then resend or mail it directly to one of the +more active team members (e.g. Steve). + [PROG] ======================================================================== * Is OpenSSL thread-safe? |