Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Adi Mallikarjuna Reddy V
Since I tried all that and it crashes, I am going ahead and giving you the more details on how I created *cert/evp_pkey* objects. *X509 *cert = PEM_read_bio_X509_AUX(cert_bio, NULL, NULL, NULL);* *EVP_PKEY *evp_pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL);* I tried freeing both

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Benjamin Kaduk via openssl-users
I thought this had become documented recently (i.e., in master only, not even in 1.1.0), but can't find any evidence of such documentation. SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the same way as SSL_CTX_use_certificate(); it is safe for the local code to free its local

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Adi Mallikarjuna Reddy V
Is this documented some where? Also is the same true - with SSL_CTX_use_PrivateKey(ctx, evp_pkey) ? where I can free evp_pkey with EVP_PKEY_free()? Thanks Adi On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk wrote: > On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote: >

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Benjamin Kaduk via openssl-users
On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote: >> I am only worried about the following line.  >> >> SSL_CTX_use_certificate(ctx, cert) >> >> After this line is it safe to free cert object while ctx is still >> used later on? >> SSL_CTX_use_certificate(ctx, cert), on successful return,

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Adi Mallikarjuna Reddy V
I am only worried about the following line. SSL_CTX_use_certificate(ctx, cert) After this line is it safe to free cert object while ctx is still used later on? Thanks Adi On Tue, Oct 17, 2017 at 9:21 AM Benjamin Kaduk wrote: > You only asked about freeing the X509, which

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Benjamin Kaduk via openssl-users
You only asked about freeing the X509, which is safe in this situation. It is not safe to free the SSL_CTX if you want to use it again later -- remove this SSL_CTX_free(ctx) call and put one in your program's cleanup instead. -Ben On 10/17/2017 11:08 AM, Adi Mallikarjuna Reddy V wrote: > Forgot

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Adi Mallikarjuna Reddy V
Forgot to mention that the ssl_ctx is going to be used by another thread later. When I do x509_free, the handshake doesn’t finish. I see a crash in ssl_accept. Thanks Adi On Tue, Oct 17, 2017 at 8:41 AM Benjamin Kaduk wrote: > On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy

Re: [openssl-users] Issue with freeing X509

2017-10-17 Thread Benjamin Kaduk via openssl-users
On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy V wrote: > Hi, > > If I have an X509 object and is created using PEM_read_bio_X509_AUX(), > then Can I free X509 right after the completion > of PEM_read_bio_X509_AUX()? > >                                BIO *cert_bio = BIO_new(BIO_s_mem()); >        

[openssl-users] Issue with freeing X509

2017-10-17 Thread Adi Mallikarjuna Reddy V
Hi, If I have an X509 object and is created using PEM_read_bio_X509_AUX(), then Can I free X509 right after the completion of PEM_read_bio_X509_AUX()? BIO *cert_bio = BIO_new(BIO_s_mem()); X509 *cert = X509_new();