[[EMAIL PROTECTED] - Thu Jan 23 15:33:56 2003]: > Stephen, > > Thanks for the reply. We were kind of hit over the head with this, as > it > had been working fine for quite a while with no problems and suddenly > blew > up on us. > > Both the openssl application and the 2 dll's are the official 0.9.7 > release. > I searched the machine and these are the only versions on the machine. > I > have tried this on several machines also, just to eliminate any > concern that > it is my machine. I also tried a few of the recent snapshot stable > builds > and they exhibit the same problem. I have not backed up and tried a > 0.9.6 > build yet. > > The exact command that I ran was: > "openssl req -config openssl.cnf -new -x509 -days 12784 -sha1 > -newkey rsa:1024 -keyout CA\private\cakey.pem -out > CA\certs\cacert.pem > -passin > file:CA\pass\ca_pp -passout file:CA\pass\caout_pp" > [stuff deleted] > > Regarding compiler, I used Visual C++ 6.0 with service pack 6. nmake > version 6.00.8168.0. >
Whats SP6? Never seen that, I've got SP5 though... > I am running Windows XP, SP1 with all the updates. > > The cause is that rather large value you use for -days and the behaviour of the Windows gmtime function. If the value of time_t passed to gmtime under Windows is a date before the 1970 epoch it returns NULL instead of the static pointer to the tm structure. This isn't handled properly by the openssl code and causes a crash. The reason the time appears before the epoch is that time_t is a signed long on Win32 and if you add a big enough value it wraps around and ends up negative. So if you give a large enough -days value this will happen. The workaround is to use a smaller -days value. We should fix the openssl utility to check for errors in the appropriate functions, which would at least stop the crash and give some meaningful error message. Ideally I suppose we should have alternative routines which can handle larger dates. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
