>>>>> On Thu, 01 Mar 2007 11:40:24 +0100, Peter Sylvester said: > > Hi, > > A call to SSL_new increments the reference count of the SSL_CTX object. > In some application contexts one would like to pass around an SSL_CTX object > and share it. > > If sharing occurs before an SSL_new is called and another > instance does SSL_new and SSL_CTX_free, the SSL_CTX is freed. > In order to avoid this free operation, currently one can create a fake SSL > immediately after sharing the SSL_CTX pointer so so that the SSL_CTX > remains alive. > I find this a bit ugly to unncessarily go through the initialisation of > an SSL > object. All what would be needed IMO is a SSL_CTX_ctrl function that > adds 1 to the reference count, the other function to dereference is already > there, i.e. SSL_CTX_free. > > The crtl function basically would do: > > CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX) > > assuming that calling this directly in the application is not an external > interface.
I think you are kind of right, but there's another possibility. Does the other instance call SSL_free as well? Note that SSL_free also calls SSL_CTX_free, so I suspect your call to SSL_CTX_free is not needed (except in by whoever called SSL_CTX_new). Consider how you would make it work if you had three SSL objects sharing the same SSL_CTX. __Martin ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
