Kyle:
That's a good idea, do you know of a routine that clones X509 structures? I
can always write one but I'm lazy. :-)

The plugin doesn't pass the X509 structure to OAM directly, just dissects
the cert for information contained therein and uses it to determine the
user's authorization level, then returns to OAM.

Thanks, 
-Kenny 
Boeing IT: Information Security
Authorization Controls - Web Single Sign-On
kenny.ca...@boeing.com
206-550-0049 


-----Original Message-----
From: Kyle Hamilton [mailto:aerow...@gmail.com] 
Sent: Sunday, July 10, 2011 5:37 AM
To: Cason, Kenny
Cc: openssl-users@openssl.org; ppatter...@carillonis.com;
ppatter...@carillon.ca
Subject: Re: Extracting X509 Policies that are searchable



On Fri, Jul 8, 2011 at 4:06 PM, Cason, Kenny <kenny.ca...@boeing.com> wrote:
> That makes perfectly good sense to me. But if that is the case, how does the
> extensions section get freed when the regular section does not?
>
> Could this be something to do with multi-threading? The program where this
> crashes is multi-threaded, and I've added callbacks to handle
> multi-threading per the OpenSSL documentation.

It's possible.  The locking functions don't prevent one thread from freeing
a resource in use in another thread, they only prevent simultaneous updates
to the library's structures.

You say you're using Oracle Authorization Manager.  Are you passing X509
objects to or from it directly?  If so, it might be doing something behind
the scenes.

Try to thread-local clone the X509 structure as soon as you get it, and use
the clone.  You'll also be able to see if the extensions actually exist at
that point of cloning.

-Kyle H
