Since I tried all that and it crashes, I am going ahead and giving you the more details on how I created *cert/evp_pkey* objects.
*X509 *cert = PEM_read_bio_X509_AUX(cert_bio, NULL, NULL, NULL);* *EVP_PKEY *evp_pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL);* I tried freeing both *cert* and *evp_pkey* locally before even I use SSL_Ctx object and after using it and freeing using SSL_CTx_Free(ctx). Both results in a signal 11 crash. */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(i2c_ASN1_INTEGER+0x10)[0x2b6a4a09d2b0]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(asn1_ex_i2c+0x119)[0x2b6a4a0a8269]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(+0x13835f)[0x2b6a4a0a835f]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_ex_i2d+0x127)[0x2b6a4a0a85d7]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(+0x138b51)[0x2b6a4a0a8b51]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_ex_i2d+0x270)[0x2b6a4a0a8720]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(+0x138bdd)[0x2b6a4a0a8bdd]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_ex_i2d+0x270)[0x2b6a4a0a8720]* */opt/openssl/1.0.2k/lib64/libcrypto.so.1.0.0(ASN1_item_i2d+0x4b)[0x2b6a4a0a8ebb]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(+0x463db)[0x2b6a49d473db]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl_add_cert_chain+0xb1)[0x2b6a49d47551]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl3_output_cert_chain+0x28)[0x2b6a49d2dc88]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl3_send_server_certificate+0x3d)[0x2b6a49d1b2bd]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl3_accept+0xfe8)[0x2b6a49d206b8]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl23_get_client_hello+0x94)[0x2b6a49d2f984]* */opt/openssl/1.0.2k/lib64/libssl.so.1.0.0(ssl23_accept+0xa1)[0x2b6a49d30251]* On Tue, Oct 17, 2017 at 11:37 AM, Benjamin Kaduk <bka...@akamai.com> wrote: > I thought this had become documented recently (i.e., in master only, not > even in 1.1.0), but can't find any evidence of such documentation. > > SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the > same way as SSL_CTX_use_certificate(); it is safe for the local code to > free its local copy. > > -Ben > > On 10/17/2017 12:32 PM, Adi Mallikarjuna Reddy V wrote: > > Is this documented some where? > > Also is the same true - with SSL_CTX_use_PrivateKey(ctx, evp_pkey) ? where > I can free evp_pkey with EVP_PKEY_free()? > > > Thanks > Adi > > On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk <bka...@akamai.com> wrote: > >> On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote: >> >> I am only worried about the following line. >> >> SSL_CTX_use_certificate(ctx, cert) >> >> After this line is it safe to free cert object while ctx is still used >> later on? >> >> >> SSL_CTX_use_certificate(ctx, cert), on successful return, takes an >> additional reference on the supplied |cert| argument to account for the >> pointer in |ctx|. Thus, the caller of SSL_CTX_use_certificate() can safely >> call X509_free(cert) to release the caller's local reference, while the >> |ctx| retains a pointer to |cert|. >> >> -Ben >> > > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
