> On Jan 2, 2018, at 7:38 PM, Karl Denninger <karl@xxxxxxxxxxxxx> wrote: > > The question is the last line and whether it should be there (uncommented) -- does the X509_STORE_add_cert call load the *reference* or does it load the *data* (allocating whatever it needs internally to do so)? In other words do I need to keep that X509 structure around that got allocated by the d2i_X509 call or do I free it after I've pushed it into the store? > > The docs are silent on this as far as I can tell but some example code I've seen floating around doesn't free it. The store takes ownership of the object (bumps its reference count when it is added to the store) and so the caller should free it if no longer needed outside the store. At first glance I thought that commit: c0452248ea1a59a41023a4765ef7d9825e80a62b changed this in master, but a more careful reading of the code reveals that the behaviour remains the same (corect). The behaviour should of course be documented. Feel free to open an issue on github. I should note that taking ownership of the object when added to the store is the "natural" or "expected" behaviour, and while this does not "excuse" not documenting it, that should be the best guess of how the function behaves. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
