[openssl-dev] OpenSSL 1.1 SSL_CTX issues
Howard Chu
hyc at highlandsun.com
Thu Jan 21 17:33:51 UTC 2016
In OpenLDAP we've been using
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX)
to manage our own SSL_CTXs but this is not possible with current 1.1. Making
the structures opaque is a good move, but please provide methods to manipulate
refcounts.
Currently ssl_lib.c appears to bump the ctx refcount twice, in SSL_new. Why is
that?
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L670
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L681
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the openssl-dev
mailing list