On 4 Apr 2012, at 12:10 PM, Sunjeet Singh wrote: > If I have multiple SSL connections using an engine at the same time, IS IT > TRUE THAT- > 1. I should have at least one structural and one functional reference for the > entire duration within which the engine will be used i.e., between the calls > to ENGINE_by_id() and ENGINE_cleanup(). Or can the structural reference be > freed once a functional reference has been obtained?
The structural reference is not needed if you also have a functional reference. So, for example, the following is a reasonable pattern: get structural references for several ENGINEs figure out which one you want to use get a functional reference for that one (ENGINE_init()) ENGINE_free all of the structural references you got, including the one for the ENGINE you're using ... do something with the ENGINE ... free the functional reference (ENGINE_finish()) The SSL context will take care of calling init/finish for the engine it uses, however. If what you are doing is calling SSL_CTX_set_client_cert_engine(), all you need to do is have a structural reference when you make the call; if you have no further need of the ENGINE you can free the structural reference immediately afterwards. The SSL_CTX will obtain the references it needs and will release them when the SSL_CTX itself is deallocated. At least, that is my understanding. > 2. Although various other functions like ENGINE_init(), ENGINE_set_default(), > etc. increase the number of structural and functional references to my engine > variable (as documented for each function), I should go on a free the extra > references and should only maintain one structural and one functional > reference to the engine at all times. I don't think there is any cost to having extra references (of either kind) to an ENGINE, as long as all of the references are freed when you are done. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
