On Tue, Jan 31, 2017 at 04:01:42PM -0800, Adam Langley wrote: > SSL_CTX_add_extra_chain_cert transfers ownership of the given certificate, > so it's best to call X509_STORE_add_cert with that certificate before > rather than after it. (This doesn't cause a problem today because OpenSSL > keeps a reference around and no other calls to modify the chain are made > between. As you might guess from this message, this is not always true > within Google!)
Committed, thank you! https://svn.apache.org/r1781241 > --- test/MockHTTPinC/MockHTTP_server.c (revision 1781186) > +++ test/MockHTTPinC/MockHTTP_server.c (working copy) > @@ -2755,8 +2755,8 @@ > X509 *ssl_cert = PEM_read_X509(fp, NULL, NULL, NULL); > fclose(fp); > > + X509_STORE_add_cert(store, ssl_cert); > SSL_CTX_add_extra_chain_cert(ssl_ctx->ctx, ssl_cert); > - X509_STORE_add_cert(store, ssl_cert); > } > } > > > Cheers > > AGL
