> What it seems to me is that what should be done is
>
> TYPE * API_blah(..., int app_will_free_object)
> #ifdef OLDAPP_COMPATIBILITY
> #define API_blah(....) API_blah(...., X)
> #endif
this will make the library itself more complex: you must handle
app_will_free_object inside API_blah and inside your application you must
always remember which kind of pointer it is. it makes reviewing or
auditing your application and OpenSSL library more difficult.
one question: do we need those _peek_ functions at all? i think
not. and i have a proposal how to keep new library and applications
clean and keep compatibility with older applications:
we can rename all XXX_get_YYY functions to something else (add prefix
openssl_ or use some other word instead of _get_ or capitalize GET) and
then create compatibility library for older apps, which encapsulates all
currently existing inconsistencies. for functions which currently
increment reference count, the compatibility library function is simple
stub:
EVP_PKEY* X509_get_pubkey(X509* x)
{
return(X509_GET_pubkey(x));
}
for functions which do not increment reference count the compatibility
libraray will decrement reference count:
X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX* ctx)
{
X509* retval= X509_STORE_CTX_GET_current_cert(ctx);
if(retval){
#if defined(CRASH_ON_RACE_CONDITION)
X509_free(retval);
#elif defined(LEAK_MEMORY_ON_RACE_CONDITION)
retval->references--;
#else
/* correct behaviour */
#endif
}
return(retval);
}
arne
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
