> Richard Dykiel wrote:
>
> OpenSSL 0.9.5
> Windows NT4
> VC6, Openssl generated with debug info and linked statically to
> LIBCMTD (static debug mutltithreaded)
>
> I am generating certificates using a customized configuration file:
> the config file specifies passwords so that I dont have to give them
> on the command line:
> input_password = MyTailorIsRich
> output_password = MyTailorIsRich
>
> The command line is:
>
> req -config CAconf.conf -x509 -newkey rsa:1024 -outform DER -keyout
> root.prk -out root.cer
>
> I have an assertion failure originating from the line 881 of file
> apps\req.c:
>
> if(passin) Free(passin);
> Apparently the memory pointed to by passin & passout has been freed 6
> lines above:
> if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
> The passin and passout pointers have been initialized by a call to
> CONF_get_string.
>
> Now if I try the following command line:
>
> req -config CAconf.conf -x509 -newkey rsa:1024 -outform DER -keyout
> root.prk -out root.cer -passin pass:MyTailorIsRich -passout
> pass:MyTailorIsRich
>
> Everything is OK, because the passwords do not come from the
> configuration.
> The bug appears because I generated Openssl in debug version and MS
> provides memory checking in that case.
Thanks for the report. I'll look into it.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]