Are there any hard and fast rules regarding which openssl functions allocate memory which they expect the caller to then manage and which ones just return a pointer to an existing structure?
I'm thinking about things like X509_get_issuer_name, X509_get_subject_name (which, I think, return pointers), and X509_get_serialNumber (which seems to return a copy).