Yes, I am using a BIO pair on the encrypted side. This is good advice. I will try it.
-----Original Message----- From: owner-openssl-us...@openssl.org on behalf of David Schwartz Sent: Sat 4/18/2009 10:04 PM To: openssl-users@openssl.org Subject: RE: tracking down memory leaks > Yeah, I think I tried that. > > But I got multiple free errors. Maybe I did it wrong. I'll try > what you suggest. What I remember was that it was wrong to delete > the SSL session (implicitly deleting the equivalent of io_bio in > your example), and then ap_bio. I didn't try deleting io_bio > FIRST, then the session, then the ap_bio. The BIO that's implicitly deleted when you free the SSL session is the bio that's the other side of the I/O bio pair. Neither the I/O BIO (the one you exchange encrypted data with) nor the SSL BIO (the one you exchange application data with) are implicitly deleted. (I'm assuming you're using BIO pairs.) Basically, this is how I do it: ssl_session=SSL_new(ssl_context); BIO_new_bio_pair(&bio, 0, &io_bio, 0); ap_bio=BIO_new(BIO_f_ssl()); SSL_set_[accept|connect]_state(ssl_session); SSL_set_bio(ssl_session, bio, bio); BIO_set_ssl(ap_bio, ssl_session, BIO_NOCLOSE); And then I tear it down as I showed. I exchange encrypted data with the io_bio and exchange application data with the ap_bio. DS
<<winmail.dat>>
