-----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Michael Wojcik Sent: 25 May 2016 15:35 To: openssl-users at openssl.org Subject: Re: openssl-1.1.0 - Linker error on Windows > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On > Behalf Of Matt Caswell > Sent: Wednesday, May 25, 2016 08:05 > To: openssl-users at openssl.org > Subject: Re: [openssl-users] openssl-1.1.0 - Linker error on Windows > > > On 25/05/16 14:59, Michael Wojcik wrote: > > > >> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On > >> Behalf Of Andrew Hartley Sent: Wednesday, May 25, 2016 05:20 > > > >> I've built the openssl-1.1.0 library with no-shared config option > >> on Windows. I've linked the library to my application > and fixed > >> the few issues with EVP_MD_CTX deprication. When I build my > >> application I get the following link errors: > > > >> 1>libcrypto.lib(e_capi.obj) : error LNK2019: unresolved external > >> symbol __imp__CertFreeCertificateContext at 4 referenced in function > >> _capi_free_key > > > > You have the CAPI engine linked into libcrypto (rather than > > configuring it for dynamic loading) > > IIRC it is no longer possible to build for static linking but > dynamically load engines (there be dragons). Perhaps not. I have a hybrid engine mechanism where I build OpenSSL as a static library but as sharable code, link it statically into my own shared library (DLL on Windows, shared object on Linux/UNIX), and add an engine at runtime. The engine is implemented in my library, so it's not actually dynamically loaded, but it isn't statically linked into OpenSSL either. That seems to work fine, at least for 1.0.1 and 1.0.2. (Of course, Configure doesn't actually support building OpenSSL as static libraries of sharable code, so we have to edit the configurations we use with each release. But such is life.) > >, so you need to link against the > > Windows CAPI library, which is crypt32.lib. Add /Lcrypt32, either > >when you create libcrypto or when you link your application. > > Another possibility, if you are not using the CAPI engine, is to > disable it during the OpenSSL build using the no-capieng Configure option. Yes. I was assuming Andrew wanted CAPI support and had configured it explicitly, but that isn't a safe assumption. If he doesn't need it, then disabling it in the configure options is the most sensible course. I've switched it off via the configure options. All working fine now thank you. Andrew ______________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________