[openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

Karl Denninger karl at denninger.net
Wed Jan 3 02:24:49 UTC 2018


On 1/2/2018 19:36, Dave Coombs wrote:
>> The observation is correct, but the conclusion is wrong.
>> The object is reference counted, and X509_free() is needed
>> to avoid a leak (when the store is freed along with the
>> context).
> My apologies -- I assumed based on its name that X509_OBJECT_up_ref_count was upping the refcount on the internal X509_OBJECT, which had taken over the X509*, which led to my conclusion that freeing the X509_STORE frees the X509 too.  However, you're right, it ups the refcount on the underlying X509, and so the caller *should* free the underlying object when finished with it.
>
> I've now confirmed with a quick test program and valgrind.
>
> Oops,
>   -Dave
Thanks.

-- 
Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180102/7c719e91/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4897 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180102/7c719e91/attachment.bin>


More information about the openssl-users mailing list