Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Karl Denninger
On 1/2/2018 19:36, Dave Coombs wrote:
>> The observation is correct, but the conclusion is wrong.
>> The object is reference counted, and X509_free() is needed
>> to avoid a leak (when the store is freed along with the
>> context).
> My apologies -- I assumed based on its name that X509_OBJECT_up_r

Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Dave Coombs
> The observation is correct, but the conclusion is wrong.
> The object is reference counted, and X509_free() is needed
> to avoid a leak (when the store is freed along with the
> context).

My apologies -- I assumed based on its name that X509_OBJECT_up_ref_count was upping the refcount on the in

Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Viktor Dukhovni
> On Jan 2, 2018, at 8:10 PM, Dave Coombs wrote:
>
> Looking at the code in x509_lu.c, X509_STORE_add_cert() takes ownership of
> your X509 *cc_cert -- you don't need to (and probably shouldn't) free it.

The observation is correct, but the conclusion is wrong. The object is reference counted,

Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Viktor Dukhovni
> On Jan 2, 2018, at 7:38 PM, Karl Denninger wrote:
>
> The question is the last line and whether it should be there (uncommented) --
> does the X509_STORE_add_cert call load the *reference* or does it load the
> *data* (allocating whatever it needs internally to do so)? In other words do
>

Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Dave Coombs
Hello,

Looking at the code in x509_lu.c, X509_STORE_add_cert() takes ownership of your X509 *cc_cert -- you don't need to (and probably shouldn't) free it.

Cheers,
-Dave

> On Jan 2, 2018, at 19:38, Karl Denninger wrote:
>
> Assume the following code snippet:
>
> const unsigned char a_cert

[openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Karl Denninger
Assume the following code snippet:

const unsigned char a_cert = {... }; (A DER certificate we wish to load into the context's chain storage)
int size_a_cert = sizeof(a_cert);
const unsigned char *cp;
X509 *cc_cert;
X509_STORE *cc = SSL_CTX_get_cert_store(a_context);
if (cc == NULL) {
    pa

Re: [openssl-users] How to form a proper hash after writing something into SSL handshake. (Revised)

2018-01-02 Thread Sai Teja Chowdary
Hi, Happy 2018 everyone. I figured out this issue, and I think it would be good to share it here in case anyone is interested in knowing. The right way to make a hash is by calculating hash individually for the messages client certificate, client key exchange and store the message buffer in an