Looking at the OpenSSL source code, I believe that the caller must free the struct that X509_get_ext_d2i returns. What function should I call to free the returned struct?
My code looks like this: X509_EXTENSION* ext = 0; X509V3_EXT_METHOD* method = 0; void* entries = 0; int idx = -1; int nid = NID_subject_alt_name; idx = X509_get_ext_by_NID(cert, nid, idx); if (idx >= 0) { ext = X509_get_ext(cert, idx); if (ext) { method = X509V3_EXT_get(ext); } } entries = X509_get_ext_d2i(cert, nid, 0, 0); if (method && entries) { STACK_OF(CONF_VALUE)* val = method->i2v(method, entries, 0); for (int j = 0; j < sk_CONF_VALUE_num(val); ++j) { CONF_VALUE* nval = sk_CONF_VALUE_value(val, j); if (strcmpi_(nval->name, "DNS") == 0) { retVal = -2; if (strcmpi_(nval->value, aServerName) == 0) { retVal = 0; break; } } } } Also, do I need to free the result from method->i2v? If so, how? Thanks! -- Doug Sauder ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]