[openssl-users] X509_STORE_free() and X509_LOOKUP_free() also frees the X509 certificates inside it

Nayna Jain naynjain at in.ibm.com
Wed Jun 10 04:50:37 UTC 2015

Thanks Jacob,
So, does that API do not increment reference count internally itself.

I mean if I have to explicitly do that, what is the API for that ?

Thanks & Regards,
Nayna Jain

From:	Jakob Bohm <jb-openssl at wisemo.com>
To:	openssl-users at openssl.org
Date:	06/10/2015 09:49 AM
Subject:	Re: [openssl-users] X509_STORE_free() and X509_LOOKUP_free()
            also frees the X509 certificates inside it
Sent by:	"openssl-users" <openssl-users-bounces at openssl.org>

On 10/06/2015 05:22, Nayna Jain wrote:

      Hi all,

      I am using X509_STORE and X509_LOOKUP to verify the certificate and
      its chain.

      But at the end when I do X509_STORE_free(store)  and X509_LOOKUP_free
      (lookup), it is also doing free of the X509* certificate which I
      But I don't want that, because after that when I immediately try to
      access X509* certificate for further operation, then it results in
      core dump

      And if I don't do X509_STORE_free() then it will leave the memory

      Let me know how to resolve this and if I misunderstood something.

X509 objects (and many other objects in the API) are
reference counted.

Increment the reference count of each certificate as
you add it to the X509_STORE, this should make the
X509 object stay around after X509_STORE_free() frees

However there is a shortage of documentation on the
reference counting functions involved.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150610/5a7383d1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150610/5a7383d1/attachment-0001.gif>

More information about the openssl-users mailing list