Python没有OPENSSL_Applink

Question

我正在尝试创建x.509证书但我遇到错误 OPENSSL_Uplink(00007FF944EF2000,08): no OPENSSL_Applink ，如下所示。我不知道如何继续。

当我四处搜寻时，我发现有人建议使用＆＃34; BIO＆＃34;打开文件，但我不知道怎么做...任何帮助将不胜感激。

import time
from M2Crypto import X509, EVP, RSA, ASN1

KeyLength=2048

CAName='TS.CN'               
ServerName='CF.CN'

CAKeyFile='ca.key'
CACerFile='ca.cer'
ServerKeyFile='server.key'
ServerCerFile='Server.cer'


def mk_ca_issuer():
    """
    Our default CA issuer name.
    """
    issuer = X509.X509_Name()
    issuer.C = 'CN'
    issuer.CN = CAName
    issuer.ST = 'TS'
    issuer.L = 'TS'
    issuer.O = 'TS'
    issuer.OU = 'TS'
    return issuer


def mk_cert_valid(cert, days=365):
    """
    Make a cert valid from now and til 'days' from now.
    Args:
       cert -- cert to make valid
       days -- number of days cert is valid for from now.
    """
    t = long(time.time())
    now = ASN1.ASN1_UTCTIME()
    now.set_time(t)
    expire = ASN1.ASN1_UTCTIME()
    expire.set_time(t + days * 24 * 60 * 60)
    cert.set_not_before(now)
    cert.set_not_after(expire)


def mk_request(bits, cn='CF.CN'):
    """
    Create a X509 request with the given number of bits in they key.
    Args:
      bits -- number of RSA key bits
      cn -- common name in the request
    Returns a X509 request and the private key (EVP)
    """
    pk = EVP.PKey()
    x = X509.Request()
    rsa = RSA.gen_key(bits, 65537, lambda: None)
    pk.assign_rsa(rsa)
    x.set_pubkey(pk)
    name = x.get_subject()
    name.C = 'CN'
    name.CN = cn
    name.ST = 'TS'
    name.O = 'TS'
    name.OU = 'TS'
    x.sign(pk,'sha1')
    return x, pk


def mk_cacert():
    """
    Make a CA certificate.
    Returns the certificate, private key and public key.
    """
    req, pk = mk_request(KeyLength)
    pkey = req.get_pubkey()
    cert = X509.X509()
    cert.set_serial_number(1)
    cert.set_version(2)
    mk_cert_valid(cert)
    cert.set_issuer(mk_ca_issuer())
    cert.set_subject(cert.get_issuer())
    cert.set_pubkey(pkey)
    cert.add_ext(X509.new_extension('basicConstraints', 'CA:TRUE'))
    cert.add_ext(X509.new_extension('subjectKeyIdentifier', cert.get_fingerprint()))
    cert.sign(pk, 'sha1')
    return cert, pk, pkey


def mk_cert():
    """
    Make a certificate.
    """
    cert = X509.X509()
    cert.set_serial_number(2)
    cert.set_version(2)
    mk_cert_valid(cert)
    cert.add_ext(X509.new_extension('nsComment', 'SSL sever'))
    return cert


def mk_casigned_cert():
    """
    Create a CA cert + server cert + server private key.
    """
    # unused, left for history.
    cacert, pk1, _ = mk_cacert()
    cert_req, pk2 = mk_request(KeyLength, cn=ServerName)
    cert = mk_cert()
    cert.set_issuer(cacert.get_issuer())
    cert.set_subject(cert_req.get_subject())
    cert.set_pubkey(cert_req.get_pubkey())
    cert.sign(pk1, 'sha1')
    return cacert, cert,pk1, pk2


if __name__ == '__main__':
    cacert, cert, pk1,pk2 = mk_casigned_cert()

    with open(CACerFile, 'w') as f:
        f.write(cacert.as_pem())
    with open(ServerCerFile, 'w') as f:
        f.write(cert.as_pem())
    with open(CAKeyFile, 'w') as f:
        f.write(pk1.as_pem(None))
    with open(ServerKeyFile, 'w') as f:
        f.write(pk2.as_pem(None))

    # Sanity checks...
    cac = X509.load_cert(CACerFile)
    print cac.verify(), cac.check_ca()
    cc = X509.load_cert(ServerCerFile)
    print cc.verify(cac.get_pubkey())

Answer 1

来自主题I've compiled a program under Windows and it crashes下的OpenSSL常见问题解答：

  

这通常是因为您错过了INSTALL.W32中的评论。您的   应用程序必须链接到相同版本的Win32 C-Runtime   您的openssl库与之链接。默认版本   对于OpenSSL是/ MD - “多线程DLL”。

     

如果您使用的是Microsoft Visual C ++的IDE（Visual Studio），那么很多   例如，您的新项目很可能默认为“调试”   单线程“ - / ML。这与/ MD和你的不可互换   程序将崩溃，通常在第一个BIO相关的读或写   操作

     

对于Win32中六种可能的链接阶段配置中的每一种，   您的应用程序必须与OpenSSL相同   建成。如果您使用的是MS Visual C ++（Studio），可以通过以下方式更改：

1. Select Settings... from the Project Menu.
2. Select the C/C++ Tab.
3. Select "Code Generation from the "Category" drop down list box
4. Select the Appropriate library (see table below) from the "Use
run-time library" drop down list box.  Perform this step for both
your debug and release versions of your application (look at the
top left of the settings panel to change between the two)

Single Threaded           /ML        -  MS VC++ often defaults to
                                        this for the release
                                        version of a new project.
Debug Single Threaded     /MLd       -  MS VC++ often defaults to
                                        this for the debug version
                                        of a new project.
Multithreaded             /MT
Debug Multithreaded       /MTd
Multithreaded DLL         /MD        -  OpenSSL defaults to this.
Debug Multithreaded DLL   /MDd

     

请注意，调试和发布库不可互换。如果你   使用/ MD构建OpenSSL你的应用程序必须使用/ MD并且不能使用   / MDD。

     

根据0.9.8，.DLL消除了上述限制。 OpenSSL的   .DLL用一些特定的运行时选项编译[我们坚持   可以使用不同的应用程序部署默认/ MD]   选项甚至不同的编译器。但是有一个问题！代替   重新编译OpenSSL工具包，就像之前一样   版本，您必须使用编译器和/或编译小C片段   您选择的选项。该片段安装为   /include/openssl/applink.c，应该添加到   你的应用程序项目或只是#include-d在一个[而且只有一个]   您的应用程序源文件。无法将此填充程序模块链接到   你的应用程序表现为致命的“没有OPENSSL_Applink”   运行时错误。在这种情况下，明确的提醒是由于   [混合编译器选项]添加CRYPTO_malloc_init同样重要   之前第一次打电话给OpenSSL。