Assume the following code snippet:
const unsigned char a_cert = {....... }; (A DER certificate we wish to
load into the context's chain storage)
int size_a_cert = sizeof(a_cert);
const unsigned char *cp;
X509 *cc_cert;
X509_STORE *cc = SSL_CTX_get_cert_store(a_context);
if (cc == NULL) {
panic ("Cannot get chain; fail");
}
cp = a_cert;
cc_cert = d2i_X509(NULL, &cp, size_a_cert);
if (cc_cert == NULL) {
panic("Cert not valid");
}
if (!X509_STORE_add_cert(cc, cc_cert)) { /* Push the cert into
the chain store */
panic ("Cannot add required chain certificate");
}
/* X509_free(cc_cert); */
The question is the last line and whether it should be there
(uncommented) -- does the X509_STORE_add_cert call load the *reference*
or does it load the *data* (allocating whatever it needs internally to
do so)? In other words do I need to keep that X509 structure around
that got allocated by the d2i_X509 call or do I free it after I've
pushed it into the store?
The docs are silent on this as far as I can tell but some example code
I've seen floating around doesn't free it.
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
