[openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert
Dave Coombs
dcoombs at carillon.ca
Wed Jan 3 01:36:45 UTC 2018
> The observation is correct, but the conclusion is wrong.
> The object is reference counted, and X509_free() is needed
> to avoid a leak (when the store is freed along with the
> context).
My apologies -- I assumed based on its name that X509_OBJECT_up_ref_count was upping the refcount on the internal X509_OBJECT, which had taken over the X509*, which led to my conclusion that freeing the X509_STORE frees the X509 too. However, you're right, it ups the refcount on the underlying X509, and so the caller *should* free the underlying object when finished with it.
I've now confirmed with a quick test program and valgrind.
Oops,
-Dave
More information about the openssl-users
mailing list