James Darwin wrote:
>
> Hi,
>
> I am having trouble using the "X509* ssl_public_cert" created from the code
> at the end of this message. This code runs fine without error, but when I
> call:
>
[stuff deleted]
> if (!PKCS12_parse(p12, pass_key, &pkey, &cert, NULL)) {
> dce_svc_printf(SDG_S_PKCS12_PARSE_MSG,
> certificate_file, sslerrno());
> }
----> memcpy((void *)ssl_public_cert, (void *)cert, sizeof (X509));
> X509_free(cert);
>
The problem is the line indicated. An X509 structure contains many
sub structures and can't be just copied like that. When you free it up
you end up with ssl_public_cert containing lots of pointers to freed
memory and the behaviour is thus "undefined": i.e. it may well crash.

If you are going to free it up why don't you just do:

    ssl_public_cert = cert;

and then *don't* free up cert. However I don't see why you can't just
pass &ssl_public_cert to PKCS12_parse() in the first place.

If you really want to copy an X509 structure then you can either use:
X509_dup(cert) (which makes a copy) or up the reference count with

    CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
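
An added example, not part of the original message and not OpenSSL code: a simplified C model of the ownership problem discussed in the reply. The type cert_t and the functions cert_new, cert_free, cert_dup, cert_up_ref and shallow_copy_aliases are hypothetical stand-ins for X509, a deep copy and a reference count; the subject string is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for X509: owns a heap sub-structure and a refcount. */
typedef struct {
    char *subject;      /* owned allocation, like X509's sub structures */
    int references;
} cert_t;

cert_t *cert_new(const char *subject) {
    cert_t *c = malloc(sizeof *c);
    if (c == NULL) return NULL;
    c->subject = malloc(strlen(subject) + 1);
    if (c->subject == NULL) { free(c); return NULL; }
    strcpy(c->subject, subject);
    c->references = 1;
    return c;
}

/* Drop one reference; release memory on the last one. Returns the count left. */
int cert_free(cert_t *c) {
    if (c == NULL) return 0;
    if (--c->references > 0) return c->references;
    free(c->subject);
    free(c);
    return 0;
}

/* Deep copy: the new object owns its own sub-structure. */
cert_t *cert_dup(const cert_t *c) { return cert_new(c->subject); }
/* Shared ownership: same object, one more reference. */
cert_t *cert_up_ref(cert_t *c) { c->references++; return c; }

/* What memcpy of the struct does: returns 1 when the copy points at the
 * source's sub-structure, which dangles once the source is freed. */
int shallow_copy_aliases(const cert_t *src) {
    cert_t dst;
    memcpy(&dst, src, sizeof dst);
    return dst.subject == src->subject;
}

int main(void) {
    cert_t *cert = cert_new("CN=constructed example");
    cert_t *copy = cert ? cert_dup(cert) : NULL;
    if (copy == NULL) { cert_free(cert); return 1; }
    cert_t *shared = cert_up_ref(cert);
    int aliased = shallow_copy_aliases(cert);
    cert_free(cert);    /* shared still holds a reference, copy is independent */
    int ok = aliased && strcmp(copy->subject, shared->subject) == 0;
    cert_free(copy); cert_free(shared);
    return ok ? 0 : 1;
}
```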