Is there some document around that discusses best practices for dealing with memory management for OpenSSL objects? Most or all of the examples in _Network Security with OpenSSL_ seem to rely on the program ending to clean up any allocated objects left lying around, which of course is not really an ideal approach for long-running daemons. But I'm finding it difficult, when looking at any particular bit of the API, to get a handle on what can be freed when and where.
For example, today I was looking at X509_STORE_add_cert and noticed that it appears to keep a copy of the X509* passed in as an argument, which presumably means that I can't free that X509 until I'm done with the X509_STORE. But that seems a bit awkward if I'm using this cert in all sorts of other places, too; do I have to do my own reference counting for it, or what? The application I'm concerned with is going to be doing large numbers of connections (potentially hundreds or even thousands simultaneously, some to the "same" peer on separate connections), bringing up and down potentially tens of thousands of SSL connections over its lifetime, and also doing lots of signature validation of documents and things like that.

cjs
--
Curt Sampson <c...@cynic.net> +81 90 7737 2974
Then I ducked into Burger King to scarf down a whopper with 45 pieces of bacon on it! Oh, oh! --JayDogg