[openssl-users] Issue with freeing X509
Adi Mallikarjuna Reddy V
adimallikarjunareddy at gmail.com
Tue Oct 17 16:27:05 UTC 2017
I am only worried about the following line.
SSL_CTX_use_certificate(ctx, cert)
After this line is it safe to free cert object while ctx is still used
later on?
Thanks
Adi
On Tue, Oct 17, 2017 at 9:21 AM Benjamin Kaduk <bkaduk at akamai.com> wrote:
> You only asked about freeing the X509, which is safe in this situation.
>
> It is not safe to free the SSL_CTX if you want to use it again later --
> remove this SSL_CTX_free(ctx) call and put one in your program's cleanup
> instead.
>
> -Ben
>
> On 10/17/2017 11:08 AM, Adi Mallikarjuna Reddy V wrote:
>
> Forgot to mention that the ssl_ctx is going to be used by another thread
> later. When I do x509_free, the handshake doesn’t finish.
>
> I see a crash in ssl_accept.
>
> Thanks
> Adi
>
> On Tue, Oct 17, 2017 at 8:41 AM Benjamin Kaduk <bkaduk at akamai.com> wrote:
>
>> On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy V wrote:
>>
>> Hi,
>>
>> If I have an X509 object and is created using PEM_read_bio_X509_AUX(),
>> then Can I free X509 right after the completion of PEM_read_bio_X509_AUX()?
>>
>> BIO *cert_bio = BIO_new(BIO_s_mem());
>> X509 *cert = X509_new();
>> BIO_puts(cert_bio, cert_str.c_str());
>> cert = PEM_read_bio_X509_AUX(cert_bio,
>> &cert, NULL, NULL);
>> if ( (cert != NULL) &&
>> SSL_CTX_use_certificate(ctx, cert) < 1) {
>> SSL_CTX_free(ctx);
>>
>>
>> Yes.
>>
>> -Ben
>>
>>
>> return NULL;
>> }
>>
>> if(cert_bio !=NULL) {
>> BIO_free(cert_bio);
>> }
>> if(cert != NULL) {
>> X509_free(cert); //is it needed?
>> }
>>
>>
>> Thanks
>> Adi
>>
>>
>>
>> --
> Sent from Mobile
>
>
> --
Sent from Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171017/8bc1bec0/attachment-0001.html>
More information about the openssl-users
mailing list