Network Security with OpenSSL Confirmed Errata

Errata

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question

Version	Location	Description	Submitted By	Corrected
Printed	Page 10 On the second line of the fourth paragraph, "... she can sign it with her public key.";	"public" should be "private".	Anonymous
Printed	Page 29 2nd paragraph	The second word in the second sentence should be "supports".	Anonymous
Printed	Page 39 In the last para of the RSA section.	The sentence "In general, we do not recommend that you use this command at all for signing data." NOW READS: "In general, we do not recommend that you use this command at all for encrypting data."	Anonymous	Jun 2006
Printed	Page 40-41 In the paragraph spanning the two pages; "... trust can be established if the certificate	that issued a certificate...", The first instance of "certificate" should read "Certification Authority".	Anonymous
Printed	Page 54 1st paragraph	"just that is hasn't been revoked" should be "just that it hasn't been revoked"	Anonymous
Printed	Page 56 In the fourth full paragraph on the page, every instance of "certificate" NOW	READS "private key".	Anonymous	Jun 2006
Printed	Page 57 In the first paragraph under the section "Code-Signing Certificates", the last word of	the third sentence NOW READS "private key" instead of "certificate."	Anonymous	Jun 2006
Printed	Page 65 In Example 3-5, the command output shown	"Generating a 1024 bit RSA private key" NOW READS: "Generating a 2048 bit RSA private key"	Anonymous	Jun 2006
Printed	Page 75 In the first sentence in the section "Static Locking Callbacks", the word provide is misspelled.		Anonymous
Printed	Page 76 In Example 4-1, the 11th line	#elif _POSIX_THREADS NOW READS: #elif defined(_POSIX_THREADS)	Anonymous	Jun 2006
Printed	Page 76 In Example 4-1, the 25th line	static MUTEX_TYPE mutex_buf[] = NULL; NOW READS: static MUTEX_TYPE *mutex_buf = NULL;	Anonymous	Jun 2006
Printed	Page 80 In Example 4-2, the 30th line	MUTEX_CLEANUP(l->mutexp); NOW READS: MUTEX_CLEANUP(l->mutex);	Anonymous	Jun 2006
Printed	Page 92 2nd paragraph, 2nd sentence	"cis" should be "is".	Anonymous
Printed	Page 97 In the Random Number Generation section, documentation of RAND_bytes and RAND_pseudo_bytes was omitted.	These are API functions for programmers to use when they need random numbers from OpenSSL. The following are the declarations for these functions. int RAND_bytes(unsigned char buf, int num); int RAND_pseudo_bytes(unsigned char buf, int num); The first of these functions writes num bytes of cryptographically strong random bytes into the memory at buf. The second function does precisely the same thing except that the random bytes provided are not necessarily unpredictable. The latter function is not suitable for cryptographic needs (it is no more secure than functions like rand). For more information on these functions, see the man page for RAND_bytes here.	Anonymous
Printed	Page 113 4th paragraph	The second sentence in the fourth paragraph on page 113 start with "There a total of four files:". I assume there is the word "are" missing which would yield the correct sentence "There are a total of four files:".	Anonymous
Printed	Page 115 In the function init_OpenSSL, SSL_init_library() should be SSL_library_init()		Anonymous
Printed	Page 117 In Example 5-4, the 5th line	int done, err, nread; NOW READS: int err, nread;	Anonymous	Jun 2006
Printed	Page 127 In Example 5-6, the 88th line	THREAD_create(tid, server_thread, ssl); NOW READS: THREAD_CREATE(tid, server_thread, ssl);	Anonymous	Jun 2006
Printed	Page 136 Function post_connection_check, line 61	In the Win32 environment, the function strcasecmp does not exist. I inserted the following lines above this function to fix this problem. #ifdef WIN32 int strcasecmp(const char left, const char right) { int iter; char leftc, rightc; leftc = rightc = 0; for ( iter = 0; left[iter] && right[iter] && leftc == rightc ; iter++ ) { if ( left[iter] > 96 && left[iter] < 123 ) leftc = left[iter] & 95; else leftc = left[iter]; if ( right[iter] > 96 && right[iter] < 123 ) rightc = right[iter] & 95; else rightc = right[iter]; } if ( leftc > rightc ) return 1; if ( leftc < rightc ) return -1; return 0; } #endif AUTHOR: Apparently it's true, at least for some windows versions. The function name is simply changed, though. Here's a much simpler fix (which would go at the top of the source listing): #ifdef _WIN32 #define strcasecmp(x,y) stricmp(x,y) #endif	Anonymous
Printed	Page 138	In Example 5-9, line 3 should read: #define CAFILE "rootcert.pem"	Anonymous
Printed	Page 140	In Example 5-10, line 3 should read: #define CAFILE "rootcert.pem"	Anonymous
Printed	Page 141 In Example 5-10, the 66th line should be	ERR_remove_state(0); rather than: ERR_remove_state(0)	Anonymous
Printed	Page 141 In Example 5-10, the 101th line should be	THREAD_CREATE(tid, server_thread, ssl); rather than: THREAD_create(tid, server_thread, ssl);	Anonymous
Printed	Page 147	In Example 5-11, line 4 should read: #define CAFILE "rootcert.pem"	Anonymous
Printed	Page 148	In Example 5-12, line 48 should read: #define CAFILE "rootcert.pem"	Anonymous
Printed	Page 160 On lines 35 and 36 of Example 5-16, function name NOW READS	"set_nonblocking rather than "set_non-blocking".	Anonymous	Jun 2006
Printed	Page 175 All AES modes use 128-bit blocks. Remove all references to variable block sizes. Rijndael, which became	AES, supports variable block lengths, but the AES specification fixes the block size.	Anonymous
Printed	Page 198 6th line from bottom	unsigned char process_file(FILE f, insigned int olen) should read unsigned char process_file(FILE f, unsigned int olen)	Anonymous
Printed	Page 288 In Example 10-6 on line 77 (third line of code from bottom of the page), the parentheses do not match up.	The line should rather be: if (X509_REQ_verify(req, pkey) != 1)	Anonymous
Printed	Page 289 In Example 10-6 on line 129 (third line of code from bottom of the page), the parentheses do not match	up. The line should rather be: if (X509_set_pubkey(cert, pkey) != 1)	Anonymous