Hello,
Looking at the code in x509_lu.c, X509_STORE_add_cert() takes ownership of your X509 *cc_cert -- you don't need to (and probably shouldn't) free it.
Cheers, -Dave
Assume the following code snippet:

/* A DER certificate we wish to load into the context's chain storage */
const unsigned char a_cert[] = {....... };
int size_a_cert = sizeof(a_cert);
const unsigned char *cp;
X509 *cc_cert;
X509_STORE *cc = SSL_CTX_get_cert_store(a_context);

if (cc == NULL) {
    panic("Cannot get chain; fail");
}
cp = a_cert;
cc_cert = d2i_X509(NULL, &cp, size_a_cert);
if (cc_cert == NULL) {
    panic("Cert not valid");
}
/* Push the cert into the chain store */
if (!X509_STORE_add_cert(cc, cc_cert)) {
    panic("Cannot add required chain certificate");
}
/* X509_free(cc_cert); */

The question is the last line and whether it should be there (uncommented) -- does the X509_STORE_add_cert call load the *reference* or does it load the *data* (allocating whatever it needs internally to do so)? In other words do I need to keep that X509 structure around that got allocated by the d2i_X509 call or do I free it after I've pushed it into the store?

The docs are silent on this as far as I can tell but some example code I've seen floating around doesn't free it.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users