[openssl-users] X509_STORE_free() and X509_LOOKUP_free() also frees the X509 certificates inside it

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Wed Jun 10 10:41:45 UTC 2015


X509_STORE_add_cert increments the reference count of each cert, but
only by 1.
X509_STORE_free decrements the ref count by 1. So after decrementing, if
ref_count is 0, certificate will be freed.

Jakob is saying that if you want them to stay even after X509_STORE_free,
explicitly increment the ref count before calling free using something like
below.

CRYPTO_add(&certificate->references, 1, CRYPTO_LOCK_X509);


Decrement the ref count when you really want to free them and call
X509_free(certificate).


On 10 June 2015 at 10:20, Nayna Jain <naynjain at in.ibm.com> wrote:

> Thanks Jakob,
> So, does that API not increment the reference count internally itself?
>
> I mean if I have to explicitly do that, what is the API for that ?
>
> Thanks & Regards,
> Nayna Jain
>
>
> From: Jakob Bohm <jb-openssl at wisemo.com>
> To: openssl-users at openssl.org
> Date: 06/10/2015 09:49 AM
> Subject: Re: [openssl-users] X509_STORE_free() and X509_LOOKUP_free()
> also frees the X509 certificates inside it
> Sent by: "openssl-users" <openssl-users-bounces at openssl.org>
> ------------------------------
>
>
>
>
> On 10/06/2015 05:22, Nayna Jain wrote:
>
>
>    Hi all,
>
>    I am using X509_STORE and X509_LOOKUP to verify the certificate and
>    its chain.
>
>    But at the end when I do X509_STORE_free(store) and
>    X509_LOOKUP_free(lookup), it also frees the X509* certificate
>    which I added.
>    But I don't want that, because after that when I immediately try to
>    access the X509* certificate for further operations, it results in a core dump.
>
>    And if I don't do X509_STORE_free() then it will leave the memory leak.
>
>    Let me know how to resolve this and if I misunderstood something.
>
>
> X509 objects (and many other objects in the API) are
> reference counted.
>
> Increment the reference count of each certificate as
> you add it to the X509_STORE, this should make the
> X509 object stay around after X509_STORE_free() frees
> it.
>
> However there is a shortage of documentation on the
> reference counting functions involved.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
>
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
>
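The reference-counting rule described in this thread, as an added example that is not part of the original messages and is not OpenSSL's code: a simplified C model in which cert_t, store_t and every function name are hypothetical stand-ins for X509, X509_STORE and their calls. In OpenSSL 1.1.0 and later the extra reference is taken with X509_up_ref() instead of touching the references field directly.

```c
/* Simplified model of the ownership rule from this thread; not OpenSSL code.
 * cert_t, store_t and all function names are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
typedef struct { int references; } cert_t;            /* models X509 */
typedef struct { cert_t *certs[8]; int n; } store_t;  /* models X509_STORE */
static int live_certs = 0;          /* objects allocated and not yet released */
cert_t *cert_new(void) {            /* caller starts with one reference */
    cert_t *c = malloc(sizeof *c);
    if (c == NULL) return NULL;
    c->references = 1;
    live_certs++;
    return c;
}
void cert_up_ref(cert_t *c) { c->references++; }
void cert_free(cert_t *c) {         /* drop one reference, release at zero */
    if (c != NULL && --c->references == 0) { live_certs--; free(c); }
}
int store_add_cert(store_t *s, cert_t *c) {   /* store takes its own +1 */
    if (s->n == 8) return 0;
    cert_up_ref(c);
    s->certs[s->n++] = c;
    return 1;
}
void store_free(store_t *s) {       /* store gives back its -1 per cert */
    for (int i = 0; i < s->n; i++) cert_free(s->certs[i]);
    s->n = 0;
}

/* Returns the references left after store_free(), or 0 if the cert was released. */
int refs_left_after_store_free(int take_extra_ref) {
    store_t s = { {0}, 0 };
    cert_t *c = cert_new();
    if (c == NULL) return -1;
    store_add_cert(&s, c);               /* references: 2 */
    if (take_extra_ref) cert_up_ref(c);  /* references: 3 */
    cert_free(c);                        /* the creator's reference is dropped */
    int before = live_certs;
    store_free(&s);
    if (live_certs < before) return 0;   /* released with the store; c dangles */
    int left = c->references;            /* safe: the extra reference keeps it alive */
    cert_free(c);                        /* release the extra reference */
    return left;
}
int main(void) {
    printf("no extra ref: %d\n", refs_left_after_store_free(0));
    printf("extra ref:    %d\n", refs_left_after_store_free(1));
    return 0;
}
```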