2017-08-25 169 views
0

Python no OPENSSL_Applink

I am trying to create an X.509 certificate, but I keep running into the error shown below: OPENSSL_Uplink(00007FF944EF2000,08): no OPENSSL_Applink. I am not really sure how to proceed.


When I searched, I found that someone suggested using "BIO" to open the file, but I have no idea how to do that... Any help would be appreciated.

import time 
from M2Crypto import X509, EVP, RSA, ASN1 

KeyLength=2048 

CAName='TS.CN'    
ServerName='CF.CN' 

CAKeyFile='ca.key' 
CACerFile='ca.cer' 
ServerKeyFile='server.key' 
ServerCerFile='Server.cer' 


def mk_ca_issuer(): 
    """ 
    Our default CA issuer name. 
    """ 
    issuer = X509.X509_Name() 
    issuer.C = 'CN' 
    issuer.CN = CAName 
    issuer.ST = 'TS' 
    issuer.L = 'TS' 
    issuer.O = 'TS' 
    issuer.OU = 'TS' 
    return issuer 


def mk_cert_valid(cert, days=365): 
    """ 
    Make a cert valid from now and til 'days' from now. 
    Args: 
        cert -- cert to make valid
        days -- number of days cert is valid for from now.
    """ 
    t = long(time.time()) 
    now = ASN1.ASN1_UTCTIME() 
    now.set_time(t) 
    expire = ASN1.ASN1_UTCTIME() 
    expire.set_time(t + days * 24 * 60 * 60) 
    cert.set_not_before(now) 
    cert.set_not_after(expire) 


def mk_request(bits, cn='CF.CN'): 
    """ 
    Create an X509 request with the given number of bits in the key.
    Args:
        bits -- number of RSA key bits
        cn -- common name in the request
    Returns a X509 request and the private key (EVP) 
    """ 
    pk = EVP.PKey() 
    x = X509.Request() 
    rsa = RSA.gen_key(bits, 65537, lambda: None) 
    pk.assign_rsa(rsa) 
    x.set_pubkey(pk) 
    name = x.get_subject() 
    name.C = 'CN' 
    name.CN = cn 
    name.ST = 'TS' 
    name.O = 'TS' 
    name.OU = 'TS' 
    x.sign(pk,'sha1') 
    return x, pk 


def mk_cacert(): 
    """ 
    Make a CA certificate. 
    Returns the certificate, private key and public key. 
    """ 
    req, pk = mk_request(KeyLength) 
    pkey = req.get_pubkey() 
    cert = X509.X509() 
    cert.set_serial_number(1) 
    cert.set_version(2) 
    mk_cert_valid(cert) 
    cert.set_issuer(mk_ca_issuer()) 
    cert.set_subject(cert.get_issuer()) 
    cert.set_pubkey(pkey) 
    cert.add_ext(X509.new_extension('basicConstraints', 'CA:TRUE')) 
    cert.add_ext(X509.new_extension('subjectKeyIdentifier', cert.get_fingerprint())) 
    cert.sign(pk, 'sha1') 
    return cert, pk, pkey 


def mk_cert(): 
    """ 
    Make a certificate. 
    """ 
    cert = X509.X509() 
    cert.set_serial_number(2) 
    cert.set_version(2) 
    mk_cert_valid(cert) 
    cert.add_ext(X509.new_extension('nsComment', 'SSL sever')) 
    return cert 


def mk_casigned_cert(): 
    """ 
    Create a CA cert + server cert + server private key. 
    """ 
    # unused, left for history. 
    cacert, pk1, _ = mk_cacert() 
    cert_req, pk2 = mk_request(KeyLength, cn=ServerName) 
    cert = mk_cert() 
    cert.set_issuer(cacert.get_issuer()) 
    cert.set_subject(cert_req.get_subject()) 
    cert.set_pubkey(cert_req.get_pubkey()) 
    cert.sign(pk1, 'sha1') 
    return cacert, cert,pk1, pk2 


if __name__ == '__main__': 
    cacert, cert, pk1,pk2 = mk_casigned_cert() 

    with open(CACerFile, 'w') as f:
        f.write(cacert.as_pem())
    with open(ServerCerFile, 'w') as f:
        f.write(cert.as_pem())
    with open(CAKeyFile, 'w') as f:
        f.write(pk1.as_pem(None))
    with open(ServerKeyFile, 'w') as f:
        f.write(pk2.as_pem(None))

    # Sanity checks... 
    cac = X509.load_cert(CACerFile) 
    print cac.verify(), cac.check_ca() 
    cc = X509.load_cert(ServerCerFile) 
    print cc.verify(cac.get_pubkey()) 
+0

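This can happen if OpenSSL is built against a different version of the C runtime than the one used by Python. Are you using a 32-bit version of Python with a 64-bit version of OpenSSL? Or vice versa? –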

+0

Which version of OpenSSL are you using (perhaps a newer version would help)? –

+0

OpenSSL is openssl-1.0.2l (not sure whether it is 64-bit or 32-bit). The Python version is python-2.7.13 win64. – wang16893677
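One way to settle the 32-bit/64-bit and C runtime questions raised in the comments above, as an added example that is not part of the original thread: read the PE header of python.exe and of the OpenSSL DLL that M2Crypto loads, and compare the architecture and the C runtime DLL names each one references. The function names are hypothetical, the sample bytes are constructed, and the runtime-name scan is a byte-level heuristic rather than a full import-table walk. It is written for Python 3.

```python
import re
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)", 0xAA64: "ARM64"}

# Heuristic: C runtime DLL names as they appear in a PE import table.
CRT_NAME = re.compile(
    rb"(msvcr\d+d?\.dll|msvcrtd?\.dll|vcruntime\d+d?\.dll|ucrtbased?\.dll)", re.I)


def pe_machine(data):
    """Return the target architecture of a PE image given its raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, "unknown (0x%04x)" % machine)


def crt_names(data):
    """Return the distinct C runtime DLL names found in the image, lower-cased."""
    return sorted({m.lower().decode("ascii") for m in CRT_NAME.findall(data)})


def describe(path):
    """Read a DLL or EXE from disk and report (architecture, CRT names)."""
    with open(path, "rb") as f:
        data = f.read()
    return pe_machine(data), crt_names(data)


def constructed_pe(machine, imports):
    """Build a minimal fake PE header plus import-name strings (sample input)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    return dos + coff + b"\0".join(n.encode("ascii") for n in imports) + b"\0"


if __name__ == "__main__":
    # Constructed sample, not a real OpenSSL DLL or python.exe.
    sample = constructed_pe(0x8664, ["KERNEL32.dll", "MSVCR120.dll"])
    print(pe_machine(sample), crt_names(sample))
```

Call `describe()` on both files: differing architectures, or differing runtime names, point to the kind of mismatch the comment asks about.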

Answers

0

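From the OpenSSL FAQ, under the heading I've compiled a program under Windows and it crashes:

This is usually because you've missed the comment in INSTALL.W32. Your application must link against the same version of the Win32 C runtime against which your OpenSSL libraries were linked. The default version for OpenSSL is /MD - "Multithreaded DLL".

If you are using Microsoft Visual C++'s IDE (Visual Studio), in many cases your new project most likely defaulted to "Debug Singlethreaded" - /ML. This is NOT interchangeable with /MD and your program will crash, typically on the first BIO-related read or write operation.

For each of the six possible link stage configurations within Win32, your application must link against the same one by which OpenSSL was built. If you are using Microsoft Visual C++ (Studio), this can be changed by: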

1. Select Settings... from the Project Menu.
2. Select the C/C++ Tab.
3. Select "Code Generation" from the "Category" drop down list box.
4. Select the appropriate library (see table below) from the "Use run-time library" drop down list box. Perform this step for both your debug and release versions of your application (look at the top left of the settings panel to change between the two).

Single Threaded            /ML   - MS VC++ often defaults to this for the release version of a new project.
Debug Single Threaded      /MLd  - MS VC++ often defaults to this for the debug version of a new project.
Multithreaded              /MT
Debug Multithreaded        /MTd
Multithreaded DLL          /MD   - OpenSSL defaults to this.
Debug Multithreaded DLL    /MDd

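Note that debug and release libraries are NOT interchangeable. If you built OpenSSL with /MD, your application must use /MD and cannot use /MDd.

As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL .DLLs compiled with some specific run-time option [we insist on the default /MD] can be deployed with an application compiled with a different option or even a different compiler. But there is a catch! Instead of re-compiling the OpenSSL toolkit, as you would have to with prior versions, you have to compile a small C snippet with the compiler and/or options of your choice. The snippet gets installed as /include/openssl/applink.c and should be either added to your application project or simply #include-d in one [and only one] of your application source files. Failure to link this shim module into your application manifests itself as a fatal "no OPENSSL_Applink" run-time error. An explicit reminder is due that in this situation [mixing compiler options] it is just as important to add CRYPTO_malloc_init prior to the first call to OpenSSL.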

+0

I am using IDLE (Python GUI)... what should I do? – wang16893677
