[openssl-users] Issue with freeing X509

Benjamin Kaduk bkaduk at akamai.com
Tue Oct 17 18:37:02 UTC 2017


I thought this had become documented recently (i.e., in master only, not
even in 1.1.0), but can't find any evidence of such documentation.

SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the
same way as SSL_CTX_use_certificate(); it is safe for the local code to
free its local copy.

-Ben

On 10/17/2017 12:32 PM, Adi Mallikarjuna Reddy V wrote:
> Is this documented somewhere?
>
> Also is the same true - with SSL_CTX_use_PrivateKey(ctx, evp_pkey) ?
> where I can free evp_pkey with EVP_PKEY_free()?
>
>
> Thanks
> Adi
>
> On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk <bkaduk at akamai.com> wrote:
>
>     On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:
>>>     I am only worried about the following line. 
>>>
>>>     SSL_CTX_use_certificate(ctx, cert)
>>>
>>>     After this line is it safe to free cert object while ctx is
>>>     still used later on?
>>>
>
>     SSL_CTX_use_certificate(ctx, cert), on successful return, takes an
>     additional reference on the supplied |cert| argument to account
>     for the pointer in |ctx|.  Thus, the caller of
>     SSL_CTX_use_certificate() can safely call X509_free(cert) to
>     release the caller's local reference, while the |ctx| retains a
>     pointer to |cert|.
>
>     -Ben
>
>
