<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hello,<div class=""><br class=""></div><div class="">Looking at the code in x509_lu.c, X509_STORE_add_cert() takes ownership of your X509 *cc_cert -- you don't need to (and probably shouldn't) free it.</div><div class=""><br class=""></div><div class="">Cheers,</div><div class=""> -Dave</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jan 2, 2018, at 19:38, Karl Denninger <<a href="mailto:karl@denninger.net" class="">karl@denninger.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Assume the following code snippet:</p><p class="">const unsigned char a_cert[] = {....... }; /* A DER certificate we
wish to load into the context's chain storage */<br class="">
int size_a_cert = sizeof(a_cert);</p><p class="">const unsigned char *cp;</p><p class="">X509 *cc_cert;<br class="">
</p><p class="">X509_STORE *cc = SSL_CTX_get_cert_store(a_context);<br class="">
if (cc == NULL) {<br class="">
panic ("Cannot get chain; fail");<br class="">
}<br class="">
cp = a_cert;<br class="">
cc_cert = d2i_X509(NULL, &cp, size_a_cert);<br class="">
if (cc_cert == NULL) {<br class="">
panic("Cert not valid");<br class="">
}<br class="">
if (!X509_STORE_add_cert(cc, cc_cert)) { /* Push the cert
into the chain store */<br class="">
panic ("Cannot add required chain certificate");<br class="">
}<br class="">
</p><p class="">/* X509_free(cc_cert); */<br class="">
</p><p class="">The question is the last line and whether it should be there
(uncommented) -- does the X509_STORE_add_cert call load the
*reference* or does it load the *data* (allocating whatever it
needs internally to do so)? In other words do I need to keep that
X509 structure around that got allocated by the d2i_X509 call or
do I free it after I've pushed it into the store?</p><p class="">The docs are silent on this as far as I can tell but some example
code I've seen floating around doesn't free it.<br class="">
</p>
<div class="moz-signature">-- <br class="">
Karl Denninger<br class="">
<a href="mailto:karl@denninger.net" class="">karl@denninger.net</a><br class="">
<i class="">The Market Ticker</i><br class="">
<font size="-2" class=""><i class="">[S/MIME encrypted email preferred]</i></font>
</div>
</div>
-- <br class="">openssl-users mailing list<br class=""></div></blockquote></div><br class=""></div></body></html>