[openssl-users] X509_STORE_free() and X509_LOOKUP_free() also frees the X509 certificates inside it

Jakob Bohm jb-openssl at wisemo.com
Wed Jun 10 04:18:52 UTC 2015

On 10/06/2015 05:22, Nayna Jain wrote:
> Hi all,
> I am using X509_STORE and X509_LOOKUP to verify the certificate and 
> its chain.
> But at the end when I do X509_STORE_free(store)  and 
> X509_LOOKUP_free(lookup), it is also doing free of the X509* 
> certificate which I added.
> But I don't want that, because after that when I immediately try to 
> access X509* certificate for further operation, then it results in 
> core dump
> And if I don't do X509_STORE_free() then it will leave the memory leak.
> Let me know how to resolve this and if I misunderstood something.
X509 objects (and many other objects in the API) are
reference counted.

Increment the reference count of each certificate as
you add it to the X509_STORE, this should make the
X509 object stay around after X509_STORE_free() frees

However there is a shortage of documentation on the
reference counting functions involved.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150610/96000f47/attachment.html>

More information about the openssl-users mailing list