[openssl-users] EVP_PKEY *X509_get0_pubkey(X509 *x);

Ken Goldman kgoldman at us.ibm.com
Thu Jan 7 18:39:50 UTC 2016

Meta-comment:  The documentation is very thin on when objects should or 
should not be freed.  The application developer is forced to chose 
between [don't free, leak memory] and [free, access freed memory].


1 - The documentation here says this API is available, but I don't see 
it in either the source or the installed header.


2 - The doc also says that X509_get_pubkey() can be used but "the 
returned key must be freed up after use".  It would be nice if it said 
how to free it.  I assume that EVP_PKEY_free() is correct.

3 - I use this sequence:

x509 = PEM_read_bio_X509
EVP_PKEY = X509_get_pubkey

What should be freed?  All three structures or just a subset?

More information about the openssl-users mailing list