Hello,

We are currently using OpenSSL for a network communications program. However, we have encountered an obscure bug on Windows where we are unable to print X509 certificates without receiving:

OPENSSL_Uplink(10109000,08): no OPENSSL_Applink

A sample program is attached.
Building with /MD, /MDd, /MT, or /MTd does not solve the problem.

Thanks,
-Colin
#include <WinSock.h>
#include <assert.h>
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

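enum {
    /* RSA modulus size, in bits, for the generated key. Raised from 1024:
       1024-bit RSA is below current minimum key-size recommendations. */
    DEFAULT_KEY_BITS = 2048,
    /* Certificate lifetime in seconds (365 days). */
    DEFAULT_CERT_DURATION = 60 * 60 * 24 * 365,
};

/* Text stored in the certificate's nsComment extension. The macro must not end
   in a semicolon: it is expanded inside a function-call argument list. */
#define CERTIFICATE_COMMENT "Automatically generated by Ncat. See http://nmap.org/ncat/."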

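/*
 * Minimal reproduction: build a self-signed certificate for "localhost" in
 * memory, then print its subject name to stderr.
 *
 * Returns 99 once the subject name has been printed, or -1 if any step fails.
 * All OpenSSL objects created here are released on both paths.
 */
int main(int argc, char **argv)
{
    X509 *cert = NULL;
    EVP_PKEY *key = NULL;
    RSA *rsa = NULL;
    X509_NAME *subj;
    X509_EXTENSION *ext = NULL;
    X509V3_CTX ctx;
    const char *commonName = "localhost";
    char dNSName[128];
    int rc;
    int status = -1;

    (void) argc;
    (void) argv;

    /* Generate a private key. */
    key = EVP_PKEY_new();
    if (key == NULL)
        goto done;
    for (;;) {
        /* RSA_generate_key is a deprecated interface; RSA_generate_key_ex is
           its replacement in newer OpenSSL releases. */
        rsa = RSA_generate_key(DEFAULT_KEY_BITS, RSA_F4, NULL, NULL);
        if (rsa == NULL)
            goto done;
        rc = RSA_check_key(rsa);
        if (rc > 0)
            break;
        /* Rejected key (0) or check error (-1): release it before retrying or
           bailing out, so no key material is leaked. */
        RSA_free(rsa);
        rsa = NULL;
        if (rc < 0)
            goto done;
    }
    if (EVP_PKEY_assign_RSA(key, rsa) == 0)
        goto done;
    /* The EVP_PKEY owns the RSA key from here on. */
    rsa = NULL;

    /* Generate a certificate. */
    cert = X509_new();
    if (cert == NULL)
        goto done;
    if (X509_set_version(cert, 2) == 0) /* Version 3. */
        goto done;
    /* Fixed serial number, which is fine for a reproduction only. A real
       generator should draw the serial from a CSPRNG (e.g. RAND_bytes) so that
       certificates from the same issuer name do not collide. */
    if (ASN1_INTEGER_set(X509_get_serialNumber(cert), 0x7FFFFFFF) == 0)
        goto done;

    /* Set the commonName. */
    subj = X509_get_subject_name(cert);
    if (X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
        (unsigned char *) commonName, -1, -1, 0) == 0) {
        goto done;
    }

    /* Set the dNSName. The write is bounded by snprintf, so the truncation
       check below is reached before any overflow could occur. (MSVC releases
       older than Visual Studio 2015 lack a conforming snprintf.) */
    rc = snprintf(dNSName, sizeof(dNSName), "DNS:%s", commonName);
    if (rc < 0 || (size_t) rc >= sizeof(dNSName))
        goto done;
    X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
    ext = X509V3_EXT_conf(NULL, &ctx, "subjectAltName", dNSName);
    if (ext == NULL)
        goto done;
    rc = X509_add_ext(cert, ext, -1);
    /* X509_add_ext stores its own copy, so ours is released either way. */
    X509_EXTENSION_free(ext);
    ext = NULL;
    if (rc == 0)
        goto done;

    /* Set a comment. */
    ext = X509V3_EXT_conf(NULL, &ctx, "nsComment", CERTIFICATE_COMMENT);
    if (ext == NULL)
        goto done;
    rc = X509_add_ext(cert, ext, -1);
    X509_EXTENSION_free(ext);
    ext = NULL;
    if (rc == 0)
        goto done;

    /* Self-signed: issuer equals subject. Valid from now for one duration. */
    if (X509_set_issuer_name(cert, X509_get_subject_name(cert)) == 0
        || X509_gmtime_adj(X509_get_notBefore(cert), 0) == NULL
        || X509_gmtime_adj(X509_get_notAfter(cert), DEFAULT_CERT_DURATION) == NULL
        || X509_set_pubkey(cert, key) == 0) {
        goto done;
    }

    /* Sign it. SHA-256 replaces SHA-1, which is no longer considered
       collision-resistant and is rejected for certificates by current clients. */
    if (X509_sign(cert, key, EVP_sha256()) == 0)
        goto done;

    /* This FILE*-based call is the one the report is about. On Windows, handing
       a FILE* from the program's C runtime to the OpenSSL DLL goes through
       OpenSSL's "uplink" shim, which aborts with "no OPENSSL_Applink" unless
       the executable itself compiles in <openssl/applink.c>. Printing through
       the BIO-based X509_NAME_print_ex() into a memory BIO avoids passing a
       FILE* across that boundary. */
    X509_NAME_print_ex_fp(stderr, X509_get_subject_name(cert), 0, 0);

    status = 99;

done:
    if (rsa != NULL)
        RSA_free(rsa);
    if (cert != NULL)
        X509_free(cert);
    if (key != NULL)
        EVP_PKEY_free(key);

    return status;
}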
