Hi, A call to SSL_new increments the reference count of the SSL_CTX object. In some application contexts one would like to pass around an SSL_CTX object and share it.
If sharing occurs before an SSL_new is called and another instance does SSL_new and SSL_CTX_free, the SSL_CTX is freed. In order to avoid this free operation, currently one can create a fake SSL immediately after sharing the SSL_CTX pointer so so that the SSL_CTX remains alive.I find this a bit ugly to unncessarily go through the initialisation of an SSL
object. All what would be needed IMO is a SSL_CTX_ctrl function that adds 1 to the reference count, the other function to dereference is already there, i.e. SSL_CTX_free. The crtl function basically would do: CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX) assuming that calling this directly in the application is not an external interface. I can provide a patch. Peter
smime.p7s
Description: S/MIME Cryptographic Signature
