Hi Magnus, thanks for reply. > > The following patch solves the problem: > > This looks good in generael to me. I remember looking at the engine code > wondering why we didn't do that, but since I don't have a good > environment to test that part in, I forgot about it :( > > Shouldn't there be an ENGINE_free() in the error path of ENGINE_init()? In the patch it is already there, isn't it?
> Should we not also call ENGINE_finish() and ENGINE_free() in the success > path of this code? Your patch adds it to the case where we didn't get > the private key, but what if we did? I assume they should also go > outside the error path, per the attached patch - or will that break > their usage? That's right. I thought about it, but I don't know where the right place is. > Can you test that and verify that it doesn't break for you? It breaks with Segmentation fault in my smartcard-based setup. The pkey-handle is all we have from the engine, when client_cert_cb() is finished. Obviously the ref-counting of openssl does not take the pkey-handle into account, so we need to keep the engine_ptr for later freeing. close_SSL() should be the right place for ENGINE_finish() and ENGINE_free() ? -- Mit freundlichen Grüßen, Lars Kanis Bereichsleiter IT Tel +49 3745 769 -422 Fax +49 3745 769 -334 eMail: ka...@comcard.de Sie können sich unter http://www.comcard.de unseren Newsletter abonnieren! ComCard GmbH Hammerbrücker Straße 3 08223 Falkenstein Geschäftsführer: Dipl.-Ing. Ralph Siegel Amtgericht Chemnitz HRB 3255 Ust.ID DE811118514
signature.asc
Description: This is a digitally signed message part.
