[openssl-users] EVP_PKEY *X509_get0_pubkey(X509 *x);

[Ken Goldman]

Meta-comment:  The documentation is very thin on when objects should or 
should not be freed.  The application developer is forced to chose 
between [don't free, leak memory] and [free, access freed memory].

~~

1 - The documentation here says this API is available, but I don't see 
it in either the source or the installed header.

https://www.openssl.org/docs/manmaster/crypto/X509_get_pubkey.html

2 - The doc also says that X509_get_pubkey() can be used but "the 
returned key must be freed up after use".  It would be nice if it said 
how to free it.  I assume that EVP_PKEY_free() is correct.

3 - I use this sequence:

x509 = PEM_read_bio_X509
EVP_PKEY = X509_get_pubkey
RSA = EVP_PKEY_get1_RSA

What should be freed?  All three structures or just a subset?