[openssl-users] Issue with freeing X509

Benjamin Kaduk bkaduk at akamai.com
Tue Oct 17 18:37:02 UTC 2017

I thought this had become documented recently (i.e., in master only, not
even in 1.1.0), but can't find any evidence of such documentation.

SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the
same way as SSL_CTX_use_certificate(); it is safe for the local code to
free its local copy.


On 10/17/2017 12:32 PM, Adi Mallikarjuna Reddy V wrote:
> Is this documented some where? 
> Also is the same true - with SSL_CTX_use_PrivateKey(ctx, evp_pkey) ?
> where I can free evp_pkey with EVP_PKEY_free()?
> Thanks
> Adi
> On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk <bkaduk at akamai.com
> <mailto:bkaduk at akamai.com>> wrote:
>     On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:
>>>     I am only worried about the following line. 
>>>     SSL_CTX_use_certificate(ctx, cert)
>>>     After this line is it safe to free cert object while ctx is
>>>     still used later on?
>     SSL_CTX_use_certificate(ctx, cert), on successful return, takes an
>     additional reference on the supplied |cert| argument to account
>     for the pointer in |ctx|.  Thus, the caller of
>     SSL_CTX_use_certificate() can safely call X509_free(cert) to
>     release the caller's local reference, while the |ctx| retains a
>     pointer to |cert|.
>     -Ben

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171017/73cc5aa0/attachment.html>

More information about the openssl-users mailing list