Hello,

Looking at the code in x509_lu.c, X509_STORE_add_cert() takes ownership of your X509 *cc_cert -- you don't need to (and probably shouldn't) free it.

Cheers,
-Dave

> On Jan 2, 2018, at 19:38, Karl Denninger <k...@denninger.net> wrote:
>
> Assume the following code snippet:
>
> const unsigned char a_cert[] = {....... };
> (A DER certificate we wish to load into the context's chain storage)
> int size_a_cert = sizeof(a_cert);
>
> const unsigned char *cp;
>
> X509 *cc_cert;
> X509_STORE *cc = SSL_CTX_get_cert_store(a_context);
> if (cc == NULL) {
>     panic ("Cannot get chain; fail");
> }
> cp = a_cert;
> cc_cert = d2i_X509(NULL, &cp, size_a_cert);
> if (cc_cert == NULL) {
>     panic("Cert not valid");
> }
> if (!X509_STORE_add_cert(cc, cc_cert)) { /* Push the cert into the chain store */
>     panic ("Cannot add required chain certificate");
> }
> /* X509_free(cc_cert); */
>
> The question is the last line and whether it should be there (uncommented) --
> does the X509_STORE_add_cert call load the *reference* or does it load the
> *data* (allocating whatever it needs internally to do so)? In other
> words do I need to keep that X509 structure around that got allocated by the
> d2i_X509 call or do I free it after I've pushed it into the store?
>
> The docs are silent on this as far as I can tell but some example code I've
> seen floating around doesn't free it.
> --
> Karl Denninger
> k...@denninger.net
> The Market Ticker
> [S/MIME encrypted email preferred]
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users