Sorry, SP5 not SP6.

I figured it had to do with a time value overflowing a variable size.  I'll
crank down the days value temporarily to work around it.

Thanks for the help.  Felt silly sending off the report instead of just
digging in and fixing it, but staying ahead of layoffs here has kept me more
than busy.

-Jason

-----Original Message-----
From: Stephen Henson via RT [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 23, 2003 12:46 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [openssl.org #472] Exception when running "openssl req" command after Jan 18th



[[EMAIL PROTECTED] - Thu Jan 23 15:33:56 2003]:

> Stephen,
> 
> Thanks for the reply.  We were kind of hit over the head with this, as
> it had been working fine for quite a while with no problems and
> suddenly blew up on us.
> 
> Both the openssl application and the 2 DLLs are the official 0.9.7
> release. I searched the machine and these are the only versions on the
> machine. I have tried this on several machines also, just to eliminate
> any concern that it is my machine.  I also tried a few of the recent
> snapshot stable builds and they exhibit the same problem.  I have not
> backed up and tried a 0.9.6 build yet.
> 
> The exact command that I ran was:
> "openssl req -config openssl.cnf -new -x509 -days 12784 -sha1 -newkey
> rsa:1024 -keyout CA\private\cakey.pem -out CA\certs\cacert.pem -passin
> file:CA\pass\ca_pp -passout file:CA\pass\caout_pp"
> 
[stuff deleted]
> 
> Regarding compiler, I used Visual C++ 6.0 with service pack 6.  nmake 
> version 6.00.8168.0.
> 

What's SP6? Never seen that, I've got SP5 though...

> I am running Windows XP, SP1 with all the updates.
> 
> 

The cause is that rather large value you use for -days and the behaviour of
the Windows gmtime function.

If the value of time_t passed to gmtime under Windows is a date before the
1970 epoch it returns NULL instead of the static pointer to the tm
structure. This isn't handled properly by the openssl code and causes a
crash.

The reason the time appears before the epoch is that time_t is a signed long
on Win32 and if you add a big enough value it wraps around and ends up
negative. So if you give a large enough -days value this will happen.

The workaround is to use a smaller -days value.

We should fix the openssl utility to check for errors in the appropriate
functions, which would at least stop the crash and give some meaningful
error message.

Ideally I suppose we should have alternative routines which can handle
larger dates.

Steve.







______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
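
Added example (not part of the original thread, and not OpenSSL's code): the wraparound Steve describes, with int32_t standing in for the signed 32-bit Win32 time_t, next to a checked version that rejects the overflow and a NULL gmtime result. The function names are hypothetical, and the start time in main is constructed from the ticket timestamp, assuming UTC.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define SECS_PER_DAY 86400

/* Hypothetical helper: now + days*86400 as a signed 32-bit time_t would
 * store it, i.e. reduced modulo 2^32 and reinterpreted as signed. */
int32_t wrapped_not_after(int32_t now, long days)
{
    uint32_t u = (uint32_t)((int64_t)now + (int64_t)days * SECS_PER_DAY);
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Hypothetical checked variant: 0 and *out filled on success, -1 when the
 * end date does not fit in 32 bits or gmtime() reports failure. */
int checked_not_after(int32_t now, long days, struct tm *out)
{
    int64_t exact;
    time_t t;
    struct tm *p;

    if (now < 0 || days < 0 || days > INT32_MAX / SECS_PER_DAY)
        return -1;
    exact = (int64_t)now + (int64_t)days * SECS_PER_DAY;
    if (exact > INT32_MAX)
        return -1;              /* would wrap to a pre-1970 value */
    t = (time_t)exact;
    p = gmtime(&t);
    if (p == NULL)              /* the case the thread says is unchecked */
        return -1;
    *out = *p;
    return 0;
}

int main(void)
{
    int32_t now = 1043336036;   /* constructed: 2003-01-23 15:33:56 UTC */
    struct tm tm;

    printf("wrapped: %ld\n", (long)wrapped_not_after(now, 12784));
    printf("checked 12784: %d\n", checked_not_after(now, 12784, &tm));
    printf("checked 3650: %d\n", checked_not_after(now, 3650, &tm));
    return 0;
}
```

With -days 12784 the sum first exceeds the 32-bit range for start times after 2003-01-19 03:14:07 UTC, which matches the "after Jan 18th" in the subject line.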
