Manualshelf

OpenSSL A.00.09.08n.010, A.00.09.08n.011, and A.00.09.08n.012 release notes (5900-0899), June 2010

ManualsBrandsHP ManualsSoftwareHP-UX OpenSSL Software
11121314151617181920
If none of these random number generators are available on the system, OpenSSL returns an
error while executing cryptographic functions. To prevent this situation, OpenSSL for HP-UX
11i v1 includes the /opt/openssl/prngd/prngd random number generator. The prngd
server reads HP-UX commands from the prngd.conf file, computes random numbers based
on certain parameters, and writes the computed random numbers to an HP-UX socket located
in the /var/run/egd-pool directory. OpenSSL functions can connect to and read random
numbers from this socket. The HP-UX 11i v2 and HP-UX 11i v3 operating systems contain /dev/
random by default; therefore, it does not require /opt/openssl/prngd/prngd. Random
number generation using /dev/urandom or /dev/random is faster than using /opt/openssl/
prngd/prngd. HP-UX 11i v1 users can download /dev/random from the following location:
http://www.software.hp.com
Automatically generated self-signed host certificate
An SSL-enabled server must be identified by a host certificate. A certificate also identifies the
network host, the name and ID of the Certificate Authority (CA), and expiry date of the certificate.
Before you can deploy an SSL-enabled server for production, it must acquire a certificate signed
by a legitimate CA. However, for testing purposes the certificate can be self-signed, that is, signed
by the application generating the certificate. Setting up a certificate hierarchy can be
time-consuming. If a self-signed certificate is available, you can direct your SSL server to this
certificate during testing. OpenSSL automatically generates a self-signed host certificate and
private key. The host certificate is stored as /opt/openssl/certs/host.pem and the private
key of the host certificate is saved as /opt/openssl/private/hostkey.pem. The subject
name of the certificate is as follows:
C=US, ST=CA, L=City, O=Company,
CN=localhost/emailAddress=www@localhost
You can also generate a self-signed host certificate using the following command:
$ openssl req -new -x509 -out /opt/openssl/certs/host.pem
-keyout /opt/openssl/private/hostkey.pem -nodes
-subj /C=US/ST=CA/L=City/O=Company/CN=localhost/emailAddress=www@localhost
Defects fixed in OpenSSL versions A.00.09.07m and A.00.09.08n
OpenSSL versions A.00.09.07m and A.00.09.08n include security and defect fixes. For more
information on the fixes, see:
http://www.openssl.org/news/changelog.html
Known problems
There are no known problems in OpenSSL A.00.09.07m and OpenSSL A.00.09.08n.
Compatibility information and installation requirements
This section lists the system and patch requirements for OpenSSL A.00.09.07m, and A.00.09.08n.
System requirements
Table 1-6 specifies the minimum system requirements for installing OpenSSL A.00.09.07m, and
A.00.09.08n.
Defects fixed in OpenSSL versions A.00.09.07m and A.00.09.08n 17