On 10/06/2015 12:41, Thulasi Goriparthi wrote: > X509_STORE_add_cert increments the reference count of the each cert, > but only by 1. Sounds like there should be X509_STORE_add0_cert() and X509_STORE_add1_cert() like for other parts of the library. > X509_STORE_free decrements the ref count by 1. So after decrementing, > if ref_count is 0, certificate will be freed. > > Jakob is saying that if you want them to stay even after > X509_STORE_free, explicitly increment the ref count before calling > free using something like below. > Interesting! I assumed (based on the standard refcounting paradigm) that the reference count of a new object would be 1, and that some API (perhaps X509_free()) would decrement and free if it hit 0. > CRYPTO_add(certificate->references, 1, CRYPTO_LOCK_X509); > Is there really no proper API wrapping this? > > decrypt the ref count when you really want to free them and call > X509_free(certificate). > Is there really no proper API wrapping this? > > On 10 June 2015 at 10:20, Nayna Jain <naynjain at in.ibm.com > <mailto:naynjain at in.ibm.com>> wrote: > > Thanks Jacob, > So, does that API do not increment reference count internally itself. > > I mean if I have to explicitly do that, what is the API for that ? > > Thanks & Regards, > Nayna Jain > > Inactive hide details for Jakob Bohm ---06/10/2015 09:49:54 > AM---On 10/06/2015 05:22, Nayna Jain wrote: >Jakob Bohm > ---06/10/2015 09:49:54 AM---On 10/06/2015 05:22, Nayna Jain wrote: > > > From: Jakob Bohm <jb-openssl at wisemo.com > <mailto:jb-openssl at wisemo.com>> > To: openssl-users at openssl.org <mailto:openssl-users at openssl.org> > Date: 06/10/2015 09:49 AM > Subject: Re: [openssl-users] X509_STORE_free() and > X509_LOOKUP_free() also frees the X509 certificates inside it > Sent by: "openssl-users" <openssl-users-bounces at openssl.org > <mailto:openssl-users-bounces at openssl.org>> > > ------------------------------------------------------------------------ > > > > > On 10/06/2015 05:22, Nayna Jain wrote: > > > Hi all, > > I am using X509_STORE and X509_LOOKUP to verify the > certificate and its chain. > > But at the end when I do X509_STORE_free(store) and > X509_LOOKUP_free(lookup), it is also doing free of the X509* > certificate which I added. > But I don't want that, because after that when I immediately > try to access X509* certificate for further operation, then it > results in core dump > > And if I don't do X509_STORE_free() then it will leave the > memory leak. > > Let me know how to resolve this and if I misunderstood something. > > > X509 objects (and many other objects in the API) are > reference counted. > > Increment the reference count of each certificate as > you add it to the X509_STORE, this should make the > X509 object stay around after X509_STORE_free() frees > it. > > However there is a shortage of documentation on the > reference counting functions involved. > Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150610/8885b3ba/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 105 bytes Desc: not available URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150610/8885b3ba/attachment-0001.gif>
