Errata

Here are the errors and omissions reported for the book. If you notice something missing or find something appropriate to add, Mail us!

Page	Description
10	On the second line of the fourth paragraph, "... she can sign it with her public key."; "public" should be "private".
39	In the last para of the RSA section. The sentence "In general, we do not recommend that you use this command at all for signing data." should have the word "signing" replaced with "encrypting".
40-41	In the paragraph spanning the two pages; "... trust can be established if the certificate that issued a certificate...", The first instance of "certificate" should read "Certification Authority".
56	In the fourth full paragraph on the page, every instance of "certificate" should be changed to "private key".
57	In the first paragraph under the section "Code-Signing Certificates", the last word of the third sentence should be changed from "certificate" to "private key".
65	In Example 3-5, the command output shown is incorrect (it shows a 1024 bit CA key, but given the example and the configuration file, the key would in fact be 2048 bits). Correct sample output is here.
75	In the first sentence in the section "Static Locking Callbacks", the word provide is misspelled.
76	In Example 4-1, the 11th line should be: #elif defined(_POSIX_THREADS) rather than: #elif _POSIX_THREADS
76	In Example 4-1, the 25th line should be: static MUTEX_TYPE *mutex_buf = NULL; rather than: static MUTEX_TYPE mutex_buf[] = NULL;
80	In Example 4-2, the 30th line should be: MUTEX_CLEANUP(l->mutex); rather than: MUTEX_CLEANUP(l->mutexp);
97	In the Random Number Generation section, documentation of RAND_bytes and RAND_pseudo_bytes was omitted. These are API functions for programmers to use when they need random numbers from OpenSSL. The following are the declarations for these functions. int RAND_bytes(unsigned char *buf, int num); int RAND_pseudo_bytes(unsigned char *buf, int num); The first of these functions writes num bytes of cryptographically strong random bytes into the memory at buf. The second function does precisely the same thing except that the random bytes provided are not necessarily unpredictable. The latter function is not suitable for cryptographic needs (it is no more secure than functions like rand). For more information on these functions, see the man page for RAND_bytes here.
115	In the function init_OpenSSL, SSL_init_library() should be SSL_library_init()
117	In Example 5-4, the 5th line should be: int err, nread; rather than: int done, err, nread;
127	In Example 5-6, the 88th line should be: THREAD_CREATE(tid, server_thread, ssl); rather than: THREAD_create(tid, server_thread, ssl);
138	In Example 5-9, line 3 should read: #define CAFILE "rootcert.pem"
140	In Example 5-10, line 3 should read: #define CAFILE "rootcert.pem"
140	In Example 5-10, the for(;;){ ... } loop from lines 30-40 in the function do_server_loop should rather be a do { ... } while (err < 0); loop.
141	In Example 5-10, the 66th line should be: ERR_remove_state(0); rather than: ERR_remove_state(0)
141	In Example 5-10, the 101th line should be: THREAD_CREATE(tid, server_thread, ssl); rather than: THREAD_create(tid, server_thread, ssl);
147	In Example 5-11, line 4 should read: #define CAFILE "rootcert.pem"
148	In Example 5-12, line 48 should read: #define CAFILE "rootcert.pem"
160	On lines 35 and 36 of Example 5-16, function name should be set_nonblocking rather than set_non-blocking.
175	All AES modes use 128-bit blocks. Remove all references to variable block sizes. Rijndael, which became AES, supports variable block lengths, but the AES specification fixes the block size.
288	In Example 10-6 on line 77 (third line of code from bottom of the page), the parentheses do not match up. The line should rather be: if (X509_REQ_verify(req, pkey) != 1)
289	In Example 10-6 on line 129 (third line of code from bottom of the page), the parentheses do not match up. The line should rather be: if (X509_set_pubkey(cert, pkey) != 1)