Dear sirs,

There are a bug in Certificate Request generation, that was introduced in
OpenSSL-0.9.8h. In previous version of OpenSSL, i.e. 0.9.8g, this problem
wasn't verified. I verified this problem in Linux Slackware 12.0 and 12.1, but
compiling OpenSSL-0.9.8h in non-Slackware Linux I catch the same problem.

I found other people that catch this same problem:

Thanks in advance,

Rafael Jorge Csura Szendrodi
Network Administrator - PADS/COPPE/UFRJ

----------------------- Bug Output Begins --------------------------------
heres: szendro:~/temp3:[1126]> /usr/local/ssl/bin/openssl req -new -keyout
newreq.pem -out newreq.pem -days 3650 -passin pass:xxxx -passout pass:xxxx
Generating a 1024 bit RSA private key
writing new private key to 'newreq.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xxxxxxx
Error adding attribute
31055:error:0D0BF041:asn1 encoding routines:ASN1_item_dup:malloc
problems making Certificate Request
Segmentation fault (core dumped)

----------------------- Bug Output End ----------------------------------

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager