<div dir="ltr">Since I tried all that and it crashes, I am going ahead and giving you the more details on how I created <i>cert/evp_pkey</i> objects.<div><br></div><div><br></div><div><i><span style="font-size:12.8px">X509 *cert = </span><span style="font-size:12.8px"> PEM_read_bio_X509_AUX(cert_bio</span><span style="font-size:12.8px">, NULL, NULL, NULL);</span></i><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><i>EVP_PKEY *evp_pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL);</i></span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I tried freeing both <i>cert</i> and <i>evp_pkey</i> locally before even I use SSL_Ctx object and after using it and freeing using SSL_CTx_Free(ctx). Both results in a signal 11 crash.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><i><br></i></span></div><div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(i2c_ASN1_INTEGER+0x10)[0x2b6a4a09d2b0]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(asn1_ex_i2c+0x119)[0x2b6a4a0a8269]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(+0x13835f)[0x2b6a4a0a835f]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_ex_i2d+0x127)[0x2b6a4a0a85d7]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(+0x138b51)[0x2b6a4a0a8b51]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_ex_i2d+0x270)[0x2b6a4a0a8720]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(+0x138bdd)[0x2b6a4a0a8bdd]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_ex_i2d+0x270)[0x2b6a4a0a8720]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_i2d+0x4b)[0x2b6a4a0a8ebb]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(+0x463db)[0x2b6a49d473db]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl_add_cert_chain+0xb1)[0x2b6a49d47551]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl3_output_cert_chain+0x28)[0x2b6a49d2dc88]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl3_send_server_certificate+0x3d)[0x2b6a49d1b2bd]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl3_accept+0xfe8)[0x2b6a49d206b8]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl23_get_client_hello+0x94)[0x2b6a49d2f984]</i></span></div><div><span style="font-size:12.8px"><i>/opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl23_accept+0xa1)[0x2b6a49d30251]</i></span></div><div><br></div></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 17, 2017 at 11:37 AM, Benjamin Kaduk <span dir="ltr"><<a href="mailto:bkaduk@akamai.com" target="_blank">bkaduk@akamai.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<tt>I thought this had become documented recently (i.e., in master
only, not even in 1.1.0), but can't find any evidence of such
documentation.<br>
<br>
SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in
the same way as SSL_CTX_use_certificate(); it is safe for the
local code to free its local copy.<br>
<br>
-Ben<br>
</tt><div><div class="h5"><br>
<div class="m_-3244092224747196327moz-cite-prefix">On 10/17/2017 12:32 PM, Adi
Mallikarjuna Reddy V wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Is this documented some where?
<div><br>
</div>
<div>Also is the same true - with SSL_CTX_use_PrivateKey(ctx,
evp_pkey) ? where I can free evp_pkey with EVP_PKEY_free()?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Adi</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Oct 17, 2017 at 9:50 AM,
Benjamin Kaduk <span dir="ltr"><<a href="mailto:bkaduk@akamai.com" target="_blank">bkaduk@akamai.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span> On
10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:<br>
<blockquote type="cite">
<div>
<blockquote type="cite" style="color:rgb(49,49,49);word-spacing:1px">
<div style="font-size:12.8px" dir="auto">
<div style="font-size:0.800000011920929rem" dir="auto">I am only worried about the
following line. </div>
<div style="font-size:0.800000011920929rem" dir="auto"><br>
</div>
<div style="font-size:0.800000011920929rem">SSL_CTX_use_certificate(ctx,
cert)</div>
<div style="font-size:0.800000011920929rem" dir="auto"><br>
</div>
<div style="font-size:0.800000011920929rem" dir="auto">After this line is it safe to free
cert object while ctx is still used later on?</div>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</span> SSL_CTX_use_certificate(ctx, cert), on successful
return, takes an additional reference on the supplied
|cert| argument to account for the pointer in |ctx|.
Thus, the caller of SSL_CTX_use_certificate() can safely
call X509_free(cert) to release the caller's local
reference, while the |ctx| retains a pointer to |cert|.<br>
<br>
-Ben<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>