Hi all! I've noticed that SSL_CTX_add_extra_chain_cert (actually ss3_ctx_ctrl (..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes X509 cert to context's cert stack. This means that I'm unable to free original certificate because double memory freeing occurs when context is free'd later. I'm getting problems with Curl+Openssl because of this. And I thougth it was good idea to patch Openssl to push duplicated X509 certs in SSL_CTX_add_extra_chain_cert() routine. This solution helped me, but I would like to ask you am I missing some hidden pitfalls here?
--- Mikle
