diff --git a/CHANGES b/CHANGES index d248d9c60c..e1c8a75028 100644 --- a/CHANGES +++ b/CHANGES @@ -113,6 +113,8 @@ form for "surname", serialNumber has no short form. Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; therefore remove "mail" short name for "internet 7". + The OID for unique identifiers in X509 certificates is + x500UniqueIdentifier, not uniqueIdentifier. Some more OID additions. (Michael Bell ) [Lutz Jaenicke] diff --git a/FAQ b/FAQ index bea8fcfde0..42844d58d0 100644 --- a/FAQ +++ b/FAQ @@ -52,6 +52,7 @@ OpenSSL - Frequently Asked Questions * Why can't the OpenSSH configure script detect OpenSSL? * Can I use OpenSSL's SSL library with non-blocking I/O? * Why doesn't my server application receive a client certificate? +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? =============================================================================== @@ -624,5 +625,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the SSL_CTX_set_verify() function to enable the use of client certificates. +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? + +For OpenSSL 0.9.7 the OID table was extended and corrected. uniqueIdentifier +was incorrectly used for X.509 certificates. The correct name according to +RFC2256 (LDAP) is x500UniqueIdentifier. Change your code to use the new +name when compiling against OpenSSL 0.9.7. + + =============================================================================== diff --git a/NEWS b/NEWS index bf8f031a29..343eea600f 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,7 @@ o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. + o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference.
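Review bot: The added CHANGES entry (hunk @@ -113,6 +113,8 @@) states the corrected OID name but does not say that this is a source-incompatible change, although the FAQ hunk in the same patch documents that code referencing NID_uniqueIdentifier no longer compiles. Say so in the entry, for example by adding that applications using the old name must be changed and pointing to the new FAQ item. The spelling is also inconsistent within the patch: this entry writes "X509" while the FAQ text writes "X.509"; pick one.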
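Review bot: The new FAQ answer (hunk @@ -624,5 +625,13 @@) asks about the symbol NID_uniqueIdentifier but answers only with the OID name, "The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier", so the reader still has to work out which identifier to put in their code. Name the replacement NID_ symbol explicitly next to "Change your code to use the new name". The answer also covers only "compiling against OpenSSL 0.9.7"; a sentence on what code that must build against both earlier releases and 0.9.7 should do would close the gap.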