On CentOS 5.5 (RPM package openssl-0.9.8e-12.el5_5.7), I am getting valgrind errors. Although I include what appears to be the full complement of PROG13 recommended cleanup code:
ERR_remove_state(0); ENGINE_cleanup(); CONF_modules_free(); CONF_modules_unload(1); ERR_free_strings(); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); and I call X509_free() after processing the output of d2i_X509: X509 * x; if ((x = d2i_X509( NULL, &match, cert_len)) != NULL) { // do stuff with x X509_free(x); } // no else clause to print failure errors I am still getting valgrind errors: ==5167== 162 bytes in 2 blocks are still reachable in loss record 1 of 3 ==5167== at 0x4C20E1C: malloc (vg_replace_malloc.c:195) ==5167== by 0x61B7D91: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61B5702: ERR_add_error_data (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x6172E79: ASN1_item_ex_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61722C7: ??? (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x617257E: ??? (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x6172D8E: ASN1_item_ex_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61722C7: ??? (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x617257E: ??? (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x6172D8E: ASN1_item_ex_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61730F3: ASN1_item_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x448551: my code that calls d2i_X509 ==5167== ==5167== 162 bytes in 2 blocks are still reachable in loss record 2 of 3 ==5167== at 0x4C20E1C: malloc (vg_replace_malloc.c:195) ==5167== by 0x61B7D91: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61B5702: ERR_add_error_data (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x6172E79: ASN1_item_ex_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61722C7: ??? (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x617257E: ??? (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x6172D8E: ASN1_item_ex_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61730F3: ASN1_item_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x448551: my code that calls d2i_X509 ==5167== ==5167== 162 bytes in 2 blocks are still reachable in loss record 3 of 3 ==5167== at 0x4C20E1C: malloc (vg_replace_malloc.c:195) ==5167== by 0x61B7D91: CRYPTO_malloc (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61B5702: ERR_add_error_data (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x6172E79: ASN1_item_ex_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x61730F3: ASN1_item_d2i (in /lib64/libcrypto.so.0.9.8e) ==5167== by 0x448551: my code that calls d2i_X509 There were three certificates that I attempted to parse, one successfully and two unsuccessfully, matching the three errors. Is there another cleanup routine that I haven't called? Steve Friedman ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org