[openssl-users] Issue with freeing X509
Benjamin Kaduk
bkaduk at akamai.com
Tue Oct 17 16:21:01 UTC 2017
You only asked about freeing the X509, which is safe in this situation.
It is not safe to free the SSL_CTX if you want to use it again later --
remove this SSL_CTX_free(ctx) call and put one in your program's cleanup
instead.
-Ben
On 10/17/2017 11:08 AM, Adi Mallikarjuna Reddy V wrote:
> Forgot to mention that the ssl_ctx is going to be used by another
> thread later. When I do x509_free, the handshake doesn’t finish.
>
> I see a crash in ssl_accept.
>
> Thanks
> Adi
>
> On Tue, Oct 17, 2017 at 8:41 AM Benjamin Kaduk <bkaduk at akamai.com
> <mailto:bkaduk at akamai.com>> wrote:
>
> On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy V wrote:
>> Hi,
>>
>> If I have an X509 object and is created
>> using PEM_read_bio_X509_AUX(), then Can I free X509 right after
>> the completion of PEM_read_bio_X509_AUX()?
>>
>> BIO *cert_bio = BIO_new(BIO_s_mem());
>> X509 *cert = X509_new();
>> BIO_puts(cert_bio, cert_str.c_str());
>> cert =
>> PEM_read_bio_X509_AUX(cert_bio, &cert, NULL, NULL);
>> if ( (cert != NULL) &&
>> SSL_CTX_use_certificate(ctx, cert) < 1) {
>> SSL_CTX_free(ctx);
>
> Yes.
>
> -Ben
>
>
>> return NULL;
>> }
>>
>> if(cert_bio !=NULL) {
>> BIO_free(cert_bio);
>> }
>> if(cert != NULL) {
>> X509_free(cert); //is it
>> needed?
>> }
>>
>>
>> Thanks
>> Adi
>>
>>
>
> --
> Sent from Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171017/e95777df/attachment.html>
More information about the openssl-users
mailing list