I have written my own X509_LOOKUP_METHOD to pull cert data from a database. When I make an ssl connection, X509_STORE_get_by_subject calls my get_cert_by_subject function, which returns a certificate allocated by d2i_X509.
When I run this program under valgrind, that certificate data is leaked very time I make a connection. I thought that cert data would be freed when I call BIO_free_all on the ssl BIO, but it is not. I don't have a pointer to the cert data as it was passed to an internal openssl function. I could track it and add my own free function, but there must be a proper way to do this via openssl functions, can anyone enlighten me? -- Chris Bare
