> From: owner-openssl-us...@openssl.org On Behalf Of Tim Ward
> Sent: Monday, 16 November, 2009 12:01

> Further info:
> 
> I get the same results running the pkread.c sample program.
> 
> If I compile with /MD without the applink stuff present it works.
> 
What toolset (mingw or msvc, and which version) and library build 
(own or other) are you using? You indicate you have symbols and source 
for MSVCRT which suggests msvc but not necessarily. And your source 
is slightly different from my rather elderly one (MSVC++ 6).

> If I compile with /MDd with the applink stuff present and put a breakpoint
> on OPENSSL_ApplinkTable it is never called.
> 
OK, that's very suspicious. 

I checked the builds I have handy, 0.9.8g and 0.9.8k, and it appears 
that only the mingw configure sets _USE_APPLINK; VC-WIN32 (which I use) 
leaves it out, which switches off all the uplink/applink stuff.
But I use static linking, so it has never been an issue for me.

> So it seems like I have failed to understand the stuff in the FAQ about
> applink.c ... what have I missed?
> 
I suggest:
- use static linking (and necessarily /MD to match the library)
- use /MD to match the library, and DLL should work as you found
- use mingw (probably more work)
- don't use calls which pass FILE* across the API.
  E.g. use BIO_new_file to create a BIO reading the file
  (using the DLL's CRT) and use d2i_PKCS12_bio on that.
  (As commandline apps/ does.)
- ask for it to be fixed (probably not a priority right now)
  or fix it yourself (may require a lot of re-testing)

> ----- Original Message ----- 
> From: "Tim Ward" <t...@brettward.co.uk>
> To: <openssl-users@openssl.org>
> Sent: Monday, November 16, 2009 3:25 PM
> Subject: Getting started - d2i_PKCS12_fp
> 
> > My first attempt at using OpenSSL. (BTW I haven't found anything much in
> > the way of documentation - is there any that I might have missed?)
> >
For native Windows, not that I know of. On Unix -- including cygwin 
I'd bet, although I don't use it myself -- there are man pages.

<snip: d2i_PKCS12_fp fails in CRT _setmode>

> >    #include "openssl\applink.c" // copied from FAQ, don't know what it does
> >
As you can see in the source, it compiles a (C-linkage) function 
(into your EXE) that provides pointers to the C-runtime stdio 
routines (directly if out-of-line, trivial wrappers for macros).
The purpose, not explicitly stated, is that OpenSSL library code, 
even if in a DLL, can use these pointers to get to the correct CRT 
i.e. the one used by the EXE, even though that might not have been 
known when OpenSSL was compiled so it couldn't call directly.
This is only needed on Windows; other systems have only one C-lib 
at a time, or else figure out a way to keep them compatible. 
But as above it apparently doesn't get configured for VC.

> > and then
> >
> >    CRYPTO_malloc_init(); // copied from FAQ, don't know what it does

This does almost the same thing for malloc,realloc,free 
i.e. it gives the OpenSSL code pointers to the correct=EXE 
CRT routines. It's separate because it's much older, because 
the functionality of substituting a different heapmanager 
(e.g. a debugging one) was useful on other systems too.

> >    SSLeay_add_all_algorithms(); // copied from sample code, don't know what it does

Puts all known cipher/hash/etc. algorithms in a table from whence 
they can be accessed by EVP name/OID lookups. 
Not needed to just read a P12, but if you want to decrypt or verify it,
I believe that will need lookup by OID. (Unless it's cert-only, 
and then you might as well have used a P7 or just a PEM file.)

> >    ERR_load_crypto_strings(); // copied from sample code, don't know what it does
> >
OpenSSL uses 32-bit error values that encode module, routine, 
and detail error, and has internal tables that expand these 
numbers to (hopefully!) meaningful descriptive strings.
For constrained-memory applications these tables can be omitted 
and the error values decoded on a different (larger) system.

This call loads up all the 'crypto' module strings. 
You can load only selected modules if you want, 
but it's not worth the complexity. For SSL protocol, 
use SSL_load_error_strings instead; that loads 
all 'crypto' module plus all 'ssl' module.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
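
Added example, not part of the original message or of OpenSSL's own code: a stand-alone decoder for the packed 32-bit error values described in the reply, for the case where the string tables were not loaded and a logged code is decoded on another system. It assumes the layout used by OpenSSL releases before 3.0 (library in bits 31..24, function in bits 23..12, reason in bits 11..0); the function names, the partial library table and the sample log line are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a packed OpenSSL error code, pre-3.0 layout (0.9.8 / 1.0.x):
 * bits 31..24 library (module), bits 23..12 function, bits 11..0 reason. */
struct ossl_err { unsigned lib, func, reason; };

static struct ossl_err ossl_err_unpack(unsigned long code)
{
    struct ossl_err e;
    e.lib    = (unsigned)((code >> 24) & 0xffUL);
    e.func   = (unsigned)((code >> 12) & 0xfffUL);
    e.reason = (unsigned)(code & 0xfffUL);
    return e;
}

/* Partial table of library numbers (the ERR_LIB_* values in openssl/err.h). */
static const char *ossl_lib_name(unsigned lib)
{
    switch (lib) {
    case 2:  return "system library";
    case 6:  return "EVP";
    case 9:  return "PEM";
    case 11: return "X509";
    case 13: return "ASN1";
    case 20: return "SSL";
    case 32: return "BIO";
    case 35: return "PKCS12";
    default: return "unknown";
    }
}

/* Find "error:XXXXXXXX" (exactly 8 hex digits) in a log line and unpack it.
 * Returns 0 on success, -1 if no well-formed, non-zero code is present. */
static int ossl_err_from_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    unsigned long code;
    if (p == NULL) return -1;
    p += 6;
    if (strspn(p, "0123456789abcdefABCDEF") != 8) return -1;
    code = strtoul(p, NULL, 16);
    if (code == 0) return -1;           /* 0 means "no error queued" */
    *out = ossl_err_unpack(code);
    return 0;
}

int main(void)
{
    /* Constructed sample: the form printed when no strings are loaded. */
    const char *line = "1234:error:0D0680A8:lib(13):func(104):reason(168):x.c:1:";
    struct ossl_err e;
    if (ossl_err_from_line(line, &e) == 0)
        printf("%s: func %u, reason %u\n", ossl_lib_name(e.lib), e.func, e.reason);
    return 0;
}
```

Function and reason numbers are scoped to their library, so they are looked up in that library's own header (for example asn1.h for library 13).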
