On Tue, Oct 29, 2013, ?????? ??????? wrote: > Hi all! > I've noticed that SSL_CTX_add_extra_chain_cert (actually > ss3_ctx_ctrl (..., SSL_CTRL_EXTRA_CHAIN_CERT, ..., ...)) just pushes > X509 cert to context's cert stack. This means that I'm unable to free > original certificate because double memory freeing occurs when context > is free'd later.
You don't and shouldn't free it: it will be free when the SSL_CTX it is added to is freed. > I'm getting problems with Curl+Openssl because of this. And I > thougth it was good idea to patch Openssl to push duplicated X509 > certs in SSL_CTX_add_extra_chain_cert() routine. This solution helped > me, but I would like to ask you am I missing some hidden pitfalls > here? > If you change OpenSSL then any application that (correctly) doesn't free the passed certificate will end up with a memory leak. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
