[openssl-users] Issue with freeing X509

Adi Mallikarjuna Reddy V adimallikarjunareddy at gmail.com
Tue Oct 17 19:07:14 UTC 2017

Since I tried all that and it crashes, I am going ahead and giving you the
more details on how I created *cert/evp_pkey* objects.

*X509 *cert =  PEM_read_bio_X509_AUX(cert_bio, NULL, NULL, NULL);*

*EVP_PKEY *evp_pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL);*

I tried freeing both *cert* and *evp_pkey* locally before even I use
SSL_Ctx object and after using it and freeing using SSL_CTx_Free(ctx). Both
results in a signal 11 crash.


On Tue, Oct 17, 2017 at 11:37 AM, Benjamin Kaduk <bkaduk at akamai.com> wrote:

> I thought this had become documented recently (i.e., in master only, not
> even in 1.1.0), but can't find any evidence of such documentation.
> SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the
> same way as SSL_CTX_use_certificate(); it is safe for the local code to
> free its local copy.
> -Ben
> On 10/17/2017 12:32 PM, Adi Mallikarjuna Reddy V wrote:
> Is this documented some where?
> Also is the same true - with SSL_CTX_use_PrivateKey(ctx, evp_pkey) ? where
> I can free evp_pkey with EVP_PKEY_free()?
> Thanks
> Adi
> On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk <bkaduk at akamai.com> wrote:
>> On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:
>> I am only worried about the following line.
>> SSL_CTX_use_certificate(ctx, cert)
>> After this line is it safe to free cert object while ctx is still used
>> later on?
>> SSL_CTX_use_certificate(ctx, cert), on successful return, takes an
>> additional reference on the supplied |cert| argument to account for the
>> pointer in |ctx|.  Thus, the caller of SSL_CTX_use_certificate() can safely
>> call X509_free(cert) to release the caller's local reference, while the
>> |ctx| retains a pointer to |cert|.
>> -Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171017/6045cc2e/attachment-0001.html>

More information about the openssl-users mailing list