Hi,

I've found an explanation in the SSL on-line documentation that should be 
corrected.

In http://www.openssl.org/docs/ssl/SSL_get_session.html#,
"If the data is to be kept, SSL_get1_session() will increment the reference count and 
the 
session will stay in memory until explicitly freed with SSL_SESSION_free(3), 
regardless of its state."

But as stated in http://www.openssl.org/docs/ssl/SSL_SESSION_free.html#,
a single call of SSL_SESSION_free() does NOT free the session obtained with 
SSL_get1_session.
In order to free it, SSL_SESSION_free() must be called until the the reference count 
has reached 0.

So the description in the SSL_get_session.html might lead to misunderstanding-- better 
to be corrected.

Thanks,
Taka Shinagawa --- OpenSSL developer for OpenVMS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to