I am only worried about the following line.SSL_CTX_use_certificate(ctx, cert)After this line is it safe to free cert object while ctx is still used later on?ThanksAdi
On Tue, Oct 17, 2017 at 9:21 AM Benjamin Kaduk <bkaduk@xxxxxxxxxx> wrote:
You only asked about freeing the X509, which is safe in this situation.
It is not safe to free the SSL_CTX if you want to use it again later -- remove this SSL_CTX_free(ctx) call and put one in your program's cleanup instead.
-Ben
On 10/17/2017 11:08 AM, Adi Mallikarjuna Reddy V wrote:
Forgot to mention that the ssl_ctx is going to be used by another thread later. When I do x509_free, the handshake doesn’t finish.
I see a crash in ssl_accept.
ThanksAdi
On Tue, Oct 17, 2017 at 8:41 AM Benjamin Kaduk <bkaduk@xxxxxxxxxx> wrote:
On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy V wrote:
Hi,
If I have an X509 object and is created using PEM_read_bio_X509_AUX(), then Can I free X509 right after the completion of PEM_read_bio_X509_AUX()?
BIO *cert_bio = BIO_new(BIO_s_mem());X509 *cert = X509_new();BIO_puts(cert_bio, cert_str.c_str());cert = PEM_read_bio_X509_AUX(cert_bio, &cert, NULL, NULL);if ( (cert != NULL) && SSL_CTX_use_certificate(ctx, cert) < 1) {SSL_CTX_free(ctx);
Yes.
-Ben
return NULL;}if(cert_bio !=NULL) {BIO_free(cert_bio);}if(cert != NULL) {X509_free(cert); //is it needed?}
ThanksAdi
--
Sent from Mobile
--
Sent from Mobile
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
