On 10/06/2015 12:41, Thulasi Goriparthi wrote:
X509_STORE_add_cert increments the reference count of each cert, but only by 1.
Sounds like there should be X509_STORE_add0_cert() and
X509_STORE_add1_cert() like for other parts of the library.
X509_STORE_free decrements the ref count by 1. So after decrementing, if ref_count is 0, certificate will be freed.

Jakob is saying that if you want them to stay even after X509_STORE_free, explicitly increment the ref count before calling free using something like below.

Interesting!  I assumed (based on the standard
refcounting paradigm) that the reference count of a
new object would be 1, and that some API (perhaps
X509_free()) would decrement and free if it hit 0.

CRYPTO_add(&certificate->references, 1, CRYPTO_LOCK_X509);

Is there really no proper API wrapping this?

Decrement the ref count when you really want to free them and call X509_free(certificate).

Is there really no proper API wrapping this?

On 10 June 2015 at 10:20, Nayna Jain <naynj...@in.ibm.com> wrote:

    Thanks Jakob,
    So, does that API not increment the reference count internally itself?

    I mean, if I have to explicitly do that, what is the API for that?

    Thanks & Regards,
    Nayna Jain

    From: Jakob Bohm <jb-open...@wisemo.com>
    To: openssl-users@openssl.org
    Date: 06/10/2015 09:49 AM
    Subject: Re: [openssl-users] X509_STORE_free() and
    X509_LOOKUP_free() also frees the X509 certificates inside it
    Sent by: "openssl-users" <openssl-users-boun...@openssl.org>

    ------------------------------------------------------------------------




    On 10/06/2015 05:22, Nayna Jain wrote:


        Hi all,

        I am using X509_STORE and X509_LOOKUP to verify the
        certificate and its chain.

        But at the end, when I do X509_STORE_free(store) and
        X509_LOOKUP_free(lookup), it also frees the X509*
        certificate which I added.
        But I don't want that, because when I immediately
        try to access the X509* certificate afterwards for further
        operations, it results in a core dump.

        And if I don't do X509_STORE_free(), then it will leave a
        memory leak.

        Let me know how to resolve this and if I misunderstood something.

    X509 objects (and many other objects in the API) are
    reference counted.

    Increment the reference count of each certificate as
    you add it to the X509_STORE, this should make the
    X509 object stay around after X509_STORE_free() frees
    it.

    However there is a shortage of documentation on the
    reference counting functions involved.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
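
Added example, not part of the original thread and not OpenSSL code: a minimal C model of the reference-counting rule discussed above (a new object starts at one reference, adding it to a store takes one more, freeing the store releases only the store's reference). cert_t, store_t and all function names are hypothetical stand-ins.

```c
/* Toy model of the ownership rules discussed in this thread. NOT OpenSSL code:
 * cert_t, store_t and every function below are hypothetical stand-ins. */
#include <stdlib.h>

#define STORE_MAX 8
typedef struct { int references; } cert_t;
typedef struct { cert_t *certs[STORE_MAX]; int count; } store_t;
static int certs_destroyed = 0;          /* counts real frees, for observation */

cert_t *cert_new(void) {
    cert_t *c = calloc(1, sizeof *c);
    if (c) c->references = 1;            /* the creator holds the first reference */
    return c;
}
void cert_free(cert_t *c) {              /* drop one reference, destroy at zero */
    if (c && --c->references == 0) { free(c); certs_destroyed++; }
}
store_t *store_new(void) { return calloc(1, sizeof(store_t)); }
int store_add_cert(store_t *s, cert_t *c) {   /* store takes its own reference */
    if (!s || !c || s->count == STORE_MAX) return 0;
    c->references++;
    s->certs[s->count++] = c;
    return 1;
}
void store_free(store_t *s) {            /* releases only the store's references */
    if (!s) return;
    for (int i = 0; i < s->count; i++) cert_free(s->certs[i]);
    free(s);
}
/* Caller keeps its reference: returns the count left after store_free (-1 on error). */
int caller_keeps_reference(void) {
    cert_t *c = cert_new();
    store_t *s = store_new();
    if (!store_add_cert(s, c)) { store_free(s); cert_free(c); return -1; }
    store_free(s);                       /* 2 -> 1: cert is still valid here */
    int refs = c->references;
    cert_free(c);                        /* 1 -> 0: the caller's release destroys it */
    return refs;
}
/* Caller releases right after adding: returns how many certs store_free destroyed. */
int caller_hands_over(void) {
    cert_t *c = cert_new();
    store_t *s = store_new();
    if (!store_add_cert(s, c)) { store_free(s); cert_free(c); return -1; }
    cert_free(c);                        /* 2 -> 1: c must not be used after store_free */
    int before = certs_destroyed;
    store_free(s);                       /* 1 -> 0: cert destroyed with the store */
    return certs_destroyed - before;
}
int main(void) { return !(caller_keeps_reference() == 1 && caller_hands_over() == 1); }
```

In the second pattern the caller's pointer dangles once the store is freed, which is the crash scenario the original question describes under this model.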
