[EMAIL PROTECTED] wrote:
> 
>         I see your point and I agree it is a stupid suggestion :-)
>         But still, why does the code below then fail:
> ...
> ....
> X509_NAME_ENTRY *pX509NameEntry = NULL;
> X509_REQ *pRequest = X509_REQ_new();
> X509_NAME *pX509Name = X509_NAME_new();
> 
> // Setup Country
> X509_NAME_ENTRY_create_by_NID(&pX509NameEntry, NID_countryName,
> V_ASN1_PRINTABLESTRING, (unsigned char *) "DK", 2);
> X509_NAME_add_entry(pX509Name, pX509NameEntry, 1, 1);
> X509_NAME_ENTRY_free(pX509NameEntry);
> 
> // Setup Organisation
> X509_NAME_ENTRY_create_by_NID(&pX509NameEntry,
> NID_organizationName,V_ASN1_PRINTABLESTRING,(unsigned char *) "ACME", 4);
> 
>    The call above causes an access violation. Why???
>    If I set pX509NameEntry=NULL before I make the call I have no problems.
> 

This is because the first argument to X509_NAME_ENTRY_create_by_NID is
to allow an already existing X509_NAME_ENTRY structure to be reused.
Once you free it up the data it points to is invalid and so it crashes
when it's trying to reuse it.

There are several ways to do things...

1. Use the argument properly...

X509_NAME_ENTRY *pX509NameEntry = NULL;
X509_REQ *pRequest = X509_REQ_new();
X509_NAME *pX509Name = X509_NAME_new();

// Setup Country
X509_NAME_ENTRY_create_by_NID(&pX509NameEntry, NID_countryName,
V_ASN1_PRINTABLESTRING, (unsigned char *) "DK", 2);
X509_NAME_add_entry(pX509Name, pX509NameEntry, 1, 1);

// Setup Organisation
X509_NAME_ENTRY_create_by_NID(&pX509NameEntry,
NID_organizationName,V_ASN1_PRINTABLESTRING,(unsigned char *) "ACME",
4);

Note this version doesn't free up pX509NameEntry so it can be reused.
When you have done all the X509_NAME_ENTRY_create_by_NID calls with it
then you should free it up.

2. Alternatively:

X509_NAME_ENTRY *pX509NameEntry = NULL;
X509_REQ *pRequest = X509_REQ_new();
X509_NAME *pX509Name = X509_NAME_new();

// Setup Country
pX509NameEntry = X509_NAME_ENTRY_create_by_NID(NULL, NID_countryName,
V_ASN1_PRINTABLESTRING, (unsigned char *) "DK", 2);
X509_NAME_add_entry(pX509Name, pX509NameEntry, 1, 1);
X509_NAME_ENTRY_free(pX509NameEntry);

// Setup Organisation
pX509NameEntry = X509_NAME_ENTRY_create_by_NID(NULL,
NID_organizationName,V_ASN1_PRINTABLESTRING,(unsigned char *) "ACME",
4);

This version just has a new X509_NAME_ENTRY created each time and
doesn't try to reuse it.

Couple of other notes. You can set the final argument of
X509_NAME_ENTRY_create_by_NID to -1 and the function will work out the
length of the passed string for you.

You might want to change the values of the last two arguments passed to
X509_NAME_add_entry if you just want a normal DN (not the multivalued
sort): -1, 0 should just add it to the end, which is what you normally
want.

This will also be easier in OpenSSL 0.9.5. I've combined several of the
functions; all you'll need to do is:

X509_NAME_add_entry_by_NID(pX509Name, NID_countryName, MBSTRING_ASC,
(unsigned char *) "DK", -1, -1, 0);

and it will allocate and free structures and work out things like the
correct string type. Or if looking up NIDs is too painful:

// "C" is the short name for countryName ("CN" would be commonName)
X509_NAME_add_entry_by_txt(pX509Name, "C", MBSTRING_ASC,
(unsigned char *) "DK", -1, -1, 0);

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
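
The reuse contract explained in the reply above, as an added example that is not part of the original message and is not OpenSSL code: a small stand-alone C model in which the create call dereferences a non-NULL pointer and the release helper clears the caller's pointer so the question's free-between-calls sequence stays safe. All type and function names (entry_t, name_t, entry_create, entry_release, name_add, build_dn) and the M_* constants are hypothetical.

```c
/* Stand-alone model, NOT OpenSSL code; every name here is hypothetical. */
#include <stdlib.h>
#include <string.h>
enum { M_COUNTRY = 1, M_ORG = 2, MAX_ENTRIES = 8 };
typedef struct { int nid; char *value; } entry_t;
typedef struct { entry_t items[MAX_ENTRIES]; int count; } name_t;

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* A non-NULL *pe is reused (so it is dereferenced); NULL allocates. */
entry_t *entry_create(entry_t **pe, int nid, const char *val) {
    int fresh = (pe == NULL || *pe == NULL);
    entry_t *e = fresh ? calloc(1, sizeof *e) : *pe;
    char *copy = e ? dup_str(val) : NULL;
    if (copy == NULL) { if (fresh) free(e); return NULL; }
    free(e->value);          /* reads through *pe: fatal if it dangles */
    e->value = copy;
    e->nid = nid;
    if (pe != NULL) *pe = e;
    return e;
}

/* Free the entry AND clear the caller's pointer so the next create allocates. */
void entry_release(entry_t **pe) {
    if (pe == NULL || *pe == NULL) return;
    free((*pe)->value);
    free(*pe);
    *pe = NULL;
}

/* The name stores its own copy, so the caller still owns (and frees) e. */
int name_add(name_t *n, const entry_t *e) {
    char *copy = (e && n->count < MAX_ENTRIES) ? dup_str(e->value) : NULL;
    if (copy == NULL) return 0;
    n->items[n->count++] = (entry_t){ e->nid, copy };
    return 1;
}

/* The question's free-between-calls sequence, made safe by entry_release. */
int build_dn(name_t *n) {
    entry_t *e = NULL;
    int ok = entry_create(&e, M_COUNTRY, "DK") && name_add(n, e);
    entry_release(&e);       /* e is NULL again, not dangling */
    ok = ok && entry_create(&e, M_ORG, "ACME") && name_add(n, e);
    entry_release(&e);
    return ok && e == NULL;
}
```
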
