On Wednesday 22 October 2003 07:53, [EMAIL PROTECTED] via RT wrote:
...
> The bug lies in the code where calls to X509_STORE_add_cert(), and
> X509_STORE_add_crl() are made.
> e.g. (from x509\by_file.c)
>
> i=X509_STORE_add_cert(ctx->store_ctx,x);
> if (!i) goto err;
> count++;
> X509_free(x);
> x=NULL;
This is not a bug. X509_free decreases the reference counter in the
X509 object, and if it reaches zero frees the allocated memory.
After the X509 object has been created with PEM_read_bio_X509_AUX
the reference counter is 1. X509_STORE_add_cert increases the
ref counter (if successful) and hence the X509_free here does
not really free any memory (it simply decreases the ref counter).
...
> if we look at X509_STORE_add_cert...
>
> int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
> {
...
> obj->type=X509_LU_X509;
> obj->data.x509=x;
The important part here is the call to X509_OBJECT_up_ref_count
which increases the reference counter in the X509 object.
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
