Hi there,

I've been checking up on some memory management issues and have a couple
of questions. If anyone has any thoughts or views I'd very much appreciate
them.

X509_STORE_CTX_get_current_cert() and a few others do not up the reference
count on the X509 object returned. I was carefully X509_free()ing
everything I used and found this anomaly courtesy of some seg-faults. Some
of the functions in x509_vfy.c seem to modify the reference count so I'm
not sure if this is a bug or intentional. It's easy to work around just by
not freeing, but I'd prefer to know if this should be changed rather than
missing it and having my programs develop leaks.

I'm getting extremely weird reference counts on SSLs and BIOs as below -
this is happening with 0_9_4 and with a recent snapshot of 0_9_5.

(1) I create two BIOs, a read (bio_read) and write (bio_write) that are
both BIO_s_mem()s, an SSL bio (bio_ssl), and an SSL object (ssl). At this
point they all have reference count 1. I.e. in crude ASCII-art form;

                  +-----+ <--- bio_read
    bio_ssl <---> | ssl |
                  +-----+ ---> bio_write

(2) I set the read and write BIOs to "ssl" with
SSL_set_bio(ssl, bio_read, bio_write). This does not change the
reference count on anything (everything remains at 1). I'd have expected
this to up the reference count on bio_read and bio_write.

(3) When I call SSL_free(ssl) later, it causes the reference counts for
all of ssl, bio_read and bio_write to be decremented. This is inconsistent
with (2) but seems the right way to operate.

(4) When I call BIO_set_ssl(bio_ssl, ssl, ...) it causes an increment in
ONLY the reference count of bio_read - this is the weirdest of all. I
would expect this to cause ssl, bio_read AND bio_write to all get
incremented but it only increments bio_read.

(5) Calling BIO_free(bio_ssl) decrements the reference counts for all of
ssl, bio_read, and bio_write. This is reasonable but inconsistent with (4)
and pretty much everything else.

I'm not quite sure what I should be doing with these and what the intended
behaviour of the reference mechanisms is - it would certainly appear that
they don't function correctly whatever the intention. Any thoughts?

Thanks in advance,
Geoff
----------------------------------------------------------------------
Geoff Thorpe Email: [EMAIL PROTECTED]
Cryptographic Software Engineer, C2Net Europe http://www.int.c2.net
----------------------------------------------------------------------
May I just take this opportunity to say that of all the people I have
EVER emailed, you are definitely one of them.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
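
Added example, not part of the original message and not OpenSSL code: a self-contained C model of the ownership pattern reported above for the non-incrementing getter and for steps (2) and (3). Every name in it (obj, conn, conn_set_bio, conn_get_current_cert and the rest) is a hypothetical stand-in, and it assumes the read and write BIOs are distinct objects.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins, not OpenSSL types: obj plays an X509 or BIO, conn an SSL. */
typedef struct obj { int refs; } obj;
typedef struct conn { obj *rbio, *wbio, *cur_cert; } conn;

static obj *obj_new(void) {
    obj *o = malloc(sizeof *o);
    if (!o) abort();
    o->refs = 1;                        /* creator holds the only reference */
    return o;
}
static obj *obj_up_ref(obj *o) { o->refs++; return o; }
static void obj_free(obj *o) {          /* drop one reference, release at zero */
    if (o && --o->refs == 0) free(o);
}
static conn *conn_new(void) {
    conn *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->cur_cert = obj_new();
    return c;
}
/* Step (2): the caller's references are handed to c, so counts stay at 1. */
static void conn_set_bio(conn *c, obj *r, obj *w) { c->rbio = r; c->wbio = w; }
/* Getter that does not increment: the result is borrowed from c. */
static obj *conn_get_current_cert(const conn *c) { return c->cur_cert; }
/* Step (3): freeing c drops every reference c holds. */
static void conn_free(conn *c) {
    obj_free(c->rbio); obj_free(c->wbio); obj_free(c->cur_cert); free(c);
}
/* Count seen through the borrowed pointer: 1, and that one belongs to c. */
int borrowed_count(void) {
    conn *c = conn_new();
    int n = conn_get_current_cert(c)->refs;
    conn_free(c);                       /* no obj_free() on the borrowed cert */
    return n;
}
/* Keeping the cert past conn_free(): take a reference first, drop it last. */
int kept_count_after_conn_free(void) {
    conn *c = conn_new();
    conn_set_bio(c, obj_new(), obj_new());   /* c now owns both BIOs */
    obj *cert = obj_up_ref(conn_get_current_cert(c));      /* count 2 */
    conn_free(c);                        /* count 1, BIOs released with c */
    int left = cert->refs;
    obj_free(cert);
    return left;
}
int main(void) { printf("%d %d\n", borrowed_count(), kept_count_after_conn_free()); return 0; }
```

In this model, calling obj_free() on the borrowed pointer in borrowed_count() would release the object while c still points at it, and conn_free() would then touch freed memory.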