Assertion failure in Openssl req

[Richard Dykiel]

OpenSSL 0.9.5 Windows NT4 VC6, Openssl generated with debug info and linked statically to LIBCMTD (static debug mutltithreaded)   I am generating certificates using a customized configuration file: the config file specifies passwords so that I dont have to give them on the command line: input_password = MyTailorIsRich output_password = MyTailorIsRich   The command line is:   req -config CAconf.conf -x509 -newkey rsa:1024 -outform DER -keyout root.prk -out root.cer   I have an assertion failure originating from the line 881 of file apps\req.c:    if(passin) Free(passin); Apparently the memory pointed to by passin & passout has been freed 6 lines above:  if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); The passin and passout pointers have been initialized by a call to CONF_get_string.   Now if I try the following command line:   req -config CAconf.conf -x509 -newkey rsa:1024 -outform DER -keyout root.prk -out root.cer -passin pass:MyTailorIsRich -passout pass:MyTailorIsRich   Everything is OK, because the passwords do not come from the configuration. The bug appears because I generated Openssl in debug version and MS provides memory checking in that case. ________________________________ Richard Dykiel, Starburst Software 150 Baker Avenue, Concord, MA 01742 http://www.starburstsoftware.com 1-800-585-3889 ext289