Errata for Network Security with OpenSSL

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Version Location Description Submitted By Date submitted Date corrected
Printed
Page 10
On the second line of the fourth paragraph, "... she can sign it with her public key.";

"public" should be "private".

Anonymous   
Printed
Page 29
2nd paragraph

The second word in the second sentence should be "supports".

Anonymous   
Printed
Page 39
In the last para of the RSA section.

The sentence "In general, we do not recommend that you use this command at all for
signing data."

NOW READS:
"In general, we do not recommend that you use this command at all for encrypting
data."

Anonymous    Jun 01, 2006
Printed
Page 40-41
In the paragraph spanning the two pages; "... trust can be established if the certificate that issued a certificate...", the first instance of "certificate" should read "Certification Authority".

Anonymous   
Printed
Page 54
1st paragraph

"just that is hasn't been revoked"
should be
"just that it hasn't been revoked"

Anonymous   
Printed
Page 56
In the fourth full paragraph on the page, every instance of "certificate" NOW READS "private key".

Anonymous    Jun 01, 2006
Printed
Page 57
In the first paragraph under the section "Code-Signing Certificates", the last word of the third sentence NOW READS "private key" instead of "certificate."

Anonymous    Jun 01, 2006
Printed
Page 65
In Example 3-5, the command output shown

"Generating a 1024 bit RSA private key"

NOW READS:
"Generating a 2048 bit RSA private key"

Anonymous    Jun 01, 2006
Printed
Page 75
In the first sentence in the section "Static Locking Callbacks", the word provide is misspelled.

Anonymous   
Printed
Page 76
In Example 4-1, the 11th line

#elif _POSIX_THREADS

NOW READS:
#elif defined(_POSIX_THREADS)

Anonymous    Jun 01, 2006
Printed
Page 76
In Example 4-1, the 25th line

static MUTEX_TYPE mutex_buf[] = NULL;

NOW READS:
static MUTEX_TYPE *mutex_buf = NULL;


Anonymous    Jun 01, 2006
Printed
Page 80
In Example 4-2, the 30th line

MUTEX_CLEANUP(l->mutexp);

NOW READS:
MUTEX_CLEANUP(l->mutex);

Anonymous    Jun 01, 2006
Printed
Page 92
2nd paragraph, 2nd sentence

"cis" should be "is".

Anonymous   
Printed
Page 97
In the Random Number Generation section, documentation of RAND_bytes and RAND_pseudo_bytes was omitted.

These are API functions for programmers to use when they need random numbers from OpenSSL. The following
are the declarations for these functions.

int RAND_bytes(unsigned char *buf, int num);
int RAND_pseudo_bytes(unsigned char *buf, int num);

The first of these functions writes num bytes of cryptographically strong random bytes into the memory at
buf. The second function does precisely the same thing except that the random bytes provided are not
necessarily unpredictable. The latter function is not suitable for cryptographic needs (it is no more
secure than functions like rand).

For more information on these functions, see the man page for RAND_bytes.

Anonymous   
Printed
Page 113
4th paragraph

The second sentence in the fourth paragraph on page 113 starts with "There a total of
four files:". I assume there is the word "are" missing which would yield the correct
sentence "There are a total of four files:".

Anonymous   
Printed
Page 115
In the function init_OpenSSL, SSL_init_library() should be SSL_library_init()

Anonymous   
Printed
Page 117
In Example 5-4, the 5th line

int done, err, nread;

NOW READS:
int err, nread;

Anonymous    Jun 01, 2006
Printed
Page 127
In Example 5-6, the 88th line

THREAD_create(tid, server_thread, ssl);

NOW READS:
THREAD_CREATE(tid, server_thread, ssl);

Anonymous    Jun 01, 2006
Printed
Page 136
Function post_connection_check, line 61

In the Win32 environment, the function strcasecmp does not exist. I inserted the
following lines above this function to fix this problem.

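#ifdef WIN32
/* Case-insensitive string comparison for Win32, which lacks strcasecmp. */
int strcasecmp(const char *left, const char *right)
{
    int iter;
    char leftc, rightc;

    leftc = rightc = 0;
    /* Compare up to and including the terminating NUL, so that a string
       that is only a prefix of the other does not compare as equal. */
    for ( iter = 0; ; iter++ )
    {
        /* Fold ASCII lowercase letters (97..122) to uppercase. */
        if ( left[iter] > 96 && left[iter] < 123 )
            leftc = left[iter] & 95;
        else
            leftc = left[iter];
        if ( right[iter] > 96 && right[iter] < 123 )
            rightc = right[iter] & 95;
        else
            rightc = right[iter];
        /* Stop at the first difference or when both strings have ended. */
        if ( leftc != rightc || leftc == 0 )
            break;
    }
    if ( leftc > rightc )
        return 1;
    if ( leftc < rightc )
        return -1;
    return 0;
}
#endif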

AUTHOR: Apparently it's true, at least for some Windows versions.
The function name is simply changed, though.

Here's a much simpler fix (which would go at the top of the source
listing):

#ifdef _WIN32
#define strcasecmp(x,y) stricmp(x,y)
#endif

Anonymous   
Printed
Page 138

In Example 5-9, line 3 should read:

#define CAFILE "rootcert.pem"


Anonymous   
Printed
Page 140

In Example 5-10, line 3 should read:

#define CAFILE "rootcert.pem"


Anonymous   
Printed
Page 141
In Example 5-10, the 66th line should be

ERR_remove_state(0);
rather than:
ERR_remove_state(0)


Anonymous   
Printed
Page 141
In Example 5-10, the 101st line should be

THREAD_CREATE(tid, server_thread, ssl);
rather than:
THREAD_create(tid, server_thread, ssl);


Anonymous   
Printed
Page 147

In Example 5-11, line 4 should read:

#define CAFILE "rootcert.pem"


Anonymous   
Printed
Page 148

In Example 5-12, line 48 should read:

#define CAFILE "rootcert.pem"


Anonymous   
Printed
Page 160
On lines 35 and 36 of Example 5-16, function name NOW READS "set_nonblocking" rather than "set_non-blocking".

Anonymous    Jun 01, 2006
Printed
Page 175
All AES modes use 128-bit blocks. Remove all references to variable block sizes. Rijndael, which became AES, supports variable block lengths, but the AES specification fixes the block size.

Anonymous   
Printed
Page 198
6th line from bottom

unsigned char *process_file(FILE *f, insigned int *olen) should read
unsigned char *process_file(FILE *f, unsigned int *olen)

Anonymous   
Printed
Page 288
In Example 10-6 on line 77 (third line of code from bottom of the page), the parentheses do not match up.

The line should rather be:
if (X509_REQ_verify(req, pkey) != 1)


Anonymous   
Printed
Page 289
In Example 10-6 on line 129 (third line of code from bottom of the page), the parentheses do not match up.

The line should rather be:
if (X509_set_pubkey(cert, pkey) != 1)


Anonymous