Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible.
Submitted by:
Reviewed by:
PR: 82
diff --git a/CHANGES b/CHANGES
index d248d9c..e1c8a75 100644
--- a/CHANGES
+++ b/CHANGES
@@ -113,6 +113,8 @@
form for "surname", serialNumber has no short form.
Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
therefore remove "mail" short name for "internet 7".
+ The OID for unique identifiers in X509 certificates is
+ x500UniqueIdentifier, not uniqueIdentifier.
Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
[Lutz Jaenicke]
diff --git a/FAQ b/FAQ
index bea8fcf..42844d5 100644
--- a/FAQ
+++ b/FAQ
@@ -52,6 +52,7 @@
* Why can't the OpenSSH configure script detect OpenSSL?
* Can I use OpenSSL's SSL library with non-blocking I/O?
* Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
===============================================================================
@@ -624,5 +625,13 @@
SSL_CTX_set_verify() function to enable the use of client certificates.
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. uniqueIdentifier
+was incorrectly used for X.509 certificates. The correct name according to
+RFC2256 (LDAP) is x500UniqueIdentifier. Change your code to use the new
+name when compiling against OpenSSL 0.9.7.
+
+
===============================================================================
diff --git a/NEWS b/NEWS
index bf8f031..343eea6 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,7 @@
o Reworked parts of the BIGNUM code.
o Support for new engines: Broadcom ubsec, Accelerated Encryption
Processing, IBM 4758.
+ o Extended and corrected OID (object identifier) table.
o PRNG: query at more locations for a random device, automatic query for
EGD style random sources at several locations.
o SSL/TLS: allow optional cipher choice according to server's preference.
