Assume the following code snippet:

    const unsigned char a_cert[] = {....... };  /* A DER certificate we wish to load into the context's chain storage */
    int size_a_cert = sizeof(a_cert);

    const unsigned char *cp;
    X509 *cc_cert;
    X509_STORE *cc = SSL_CTX_get_cert_store(a_context);

    if (cc == NULL) {
        panic("Cannot get chain; fail");
    }
    cp = a_cert;
    cc_cert = d2i_X509(NULL, &cp, size_a_cert);
    if (cc_cert == NULL) {
        panic("Cert not valid");
    }
    if (!X509_STORE_add_cert(cc, cc_cert)) {  /* Push the cert into the chain store */
        panic("Cannot add required chain certificate");
    }
    /* X509_free(cc_cert); */

The question is the last line and whether it should be there (uncommented) -- does the X509_STORE_add_cert call load the *reference* or does it load the *data* (allocating whatever it needs internally to do so)?

In other words, do I need to keep that X509 structure around that got allocated by the d2i_X509 call, or do I free it after I've pushed it into the store?

The docs are silent on this as far as I can tell, but some example code I've seen floating around doesn't free it.

--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users