[openssl-users] Issue with freeing X509
Benjamin Kaduk
bkaduk at akamai.com
Tue Oct 17 18:37:02 UTC 2017
I thought this had become documented recently (i.e., in master only, not
even in 1.1.0), but can't find any evidence of such documentation.
SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the
same way as SSL_CTX_use_certificate(); it is safe for the local code to
free its local copy.
-Ben
On 10/17/2017 12:32 PM, Adi Mallikarjuna Reddy V wrote:
> Is this documented some where?
>
> Also is the same true - with SSL_CTX_use_PrivateKey(ctx, evp_pkey) ?
> where I can free evp_pkey with EVP_PKEY_free()?
>
>
> Thanks
> Adi
>
> On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk <bkaduk at akamai.com
> <mailto:bkaduk at akamai.com>> wrote:
>
> On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:
>>> I am only worried about the following line.
>>>
>>> SSL_CTX_use_certificate(ctx, cert)
>>>
>>> After this line is it safe to free cert object while ctx is
>>> still used later on?
>>>
>
> SSL_CTX_use_certificate(ctx, cert), on successful return, takes an
> additional reference on the supplied |cert| argument to account
> for the pointer in |ctx|. Thus, the caller of
> SSL_CTX_use_certificate() can safely call X509_free(cert) to
> release the caller's local reference, while the |ctx| retains a
> pointer to |cert|.
>
> -Ben
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171017/73cc5aa0/attachment.html>
More information about the openssl-users
mailing list