2) => OK
1) I do not understand when you say I can also call
SSL_CTX_use_certificate_file( ) to load another certificate file ...
   If it fails, how can you load another certificate file?


2011/2/15 lzyzizi <lzyz...@126.com>

> When you have to call SSL_free() and SSL_CTX_free() depends on when you
> want to end the SSL/SSL_CTX object's lifecycle. Calling these functions is
> just like *del* the object in C++, which means you don't want the object
> any more.
> The failure of calling functions (e.g. SSL_CTX_set_cipher_list( ),
> SSL_CTX_use_certificate_file( ), ..., SSL_CTX_set_verify( )) does not mean
> that the SSL/SSL_CTX object won't work any more. For example, if
> SSL_CTX_use_certificate_file() fails, it just means that the certificate
> file may be not OK. You can also call it to load another certificate file.
>
> 2) You may not call SSL_CTX_free() when SSL objects fail, because the
> SSL_CTX object is used to create SSL objects as a factory. SSL_CTX may create
> many SSL objects. An SSL object just means that this SSL handshake (or other
> operations) has errors, which does not imply that the SSL_CTX object has
> an error. Especially,
> the failure of these functions (SSL_connect( ), SSL_accept( ),
> SSL_get_verify_result()) is common in the SSL handshake, because your peer sent
> a wrong certificate to you or something that violated the SSL protocol. It is
> not your fault, so you just need to free the SSL object or do some
> reconnection operation.
>
>
> At 2011-02-15 22:40:29,"Aro RANAIVONDRAMBOLA" <razuk...@gmail.com> wrote:
>
> Hello,
> I'd like to know at what time I have to call SSL_free( ) and SSL_CTX_free( ).
> 1) For example, I call SSL_CTX_free( ) when a call to a function which fills
> in the CTX fails ( SSL_CTX_set_cipher_list( ), SSL_CTX_use_certificate_file(
> ), ..., SSL_CTX_set_verify( ) ). I am wondering if it is a good idea.
> 2) I call both SSL_free( ) and SSL_CTX_free( ) when a function using an SSL
> object fails. It concerns SSL_connect( ), SSL_accept( ),
> SSL_get_verify_result(), ... Is that OK?
> Thanks
>
>
>
>
