Martin Simmons wrote:
On Thu, 01 Mar 2007 11:40:24 +0100, Peter Sylvester said:
The ctrl function basically would do:

   CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX)

assuming that calling this directly in the application is not an external
interface.

I think you are kind of right, but there's another possibility.

Does the other instance call SSL_free as well?  Note that SSL_free also calls
SSL_CTX_free, so I suspect your call to SSL_CTX_free is not needed (except
by whoever called SSL_CTX_new).  Consider how you would make it work if you
had three SSL objects sharing the same SSL_CTX.

No.

That's not how reference counting works. If you called an SSL_FOOBAR_new() function, which creates a new object and increments the reference counter, then it's also your responsibility to call SSL_FOOBAR_free() to revert that increment.


You are correct that SSL_free() also calls SSL_CTX_free(), but this is only to counteract the increment SSL_new() made on the SSL_CTX * it was passed.


The call graph:


userapp: SSL_CTX *ctx = SSL_CTX_new()
openssl:  ctx->refcount = 1;

userapp: SSL *ssl = SSL_new(ctx);
openssl:  ssl->member_ssl_ctx = ctx; // make pointer reference
openssl:  ctx->refcount++; // increment because we have pointer reference in use

userapp: SSL_free(ssl);
openssl:  ssl->member_ssl_ctx->refcount--; // revert the increment we did
openssl:  ssl->member_ssl_ctx = NULL; // clear pointer reference
openssl:  if(ctx->refcount == 0) { /* really free resources */ }

userapp: SSL_CTX_free(ctx);
openssl:  ctx->refcount--; // revert the increment we did
openssl:  if(ctx->refcount == 0) { /* really free resources */ }



The point here is that it does not matter which order SSL_free() and SSL_CTX_free() are called.

Darryl
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
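
The ownership rule from the call graph above, as a small C model added here (not code from the original post or from OpenSSL): three SSL objects share one context, and the context is destroyed exactly once whichever side frees first. MODEL_CTX, MODEL_SSL and the model_* functions are hypothetical stand-ins for SSL_CTX, SSL and their new/free functions.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model (assumption): only the reference-count logic, not OpenSSL's structs. */
typedef struct { int refcount; } MODEL_CTX;
typedef struct { MODEL_CTX *ctx; } MODEL_SSL;
static int ctx_destroyed;             /* counts real frees of the context */

MODEL_CTX *model_ctx_new(void) {
    MODEL_CTX *c = malloc(sizeof *c);
    if (c) c->refcount = 1;           /* the creator's reference */
    return c;
}

void model_ctx_free(MODEL_CTX *c) {
    if (c == NULL) return;
    if (--c->refcount > 0) return;    /* someone else still holds a reference */
    ctx_destroyed++;
    free(c);
}

MODEL_SSL *model_ssl_new(MODEL_CTX *c) {
    MODEL_SSL *s = malloc(sizeof *s);
    if (s) { s->ctx = c; if (c) c->refcount++; }  /* the SSL object's own reference */
    return s;
}

void model_ssl_free(MODEL_SSL *s) {
    if (s == NULL) return;
    model_ctx_free(s->ctx);           /* drop only the reference taken in model_ssl_new */
    s->ctx = NULL;
    free(s);
}

/* Three SSL objects share one ctx; returns how often the ctx was really destroyed. */
int run_three_sharing(int ctx_first) {
    ctx_destroyed = 0;
    MODEL_CTX *ctx = model_ctx_new();
    MODEL_SSL *a = model_ssl_new(ctx), *b = model_ssl_new(ctx), *c = model_ssl_new(ctx);
    if (ctx_first) model_ctx_free(ctx);     /* creator releases before the SSL objects */
    model_ssl_free(a); model_ssl_free(b); model_ssl_free(c);
    if (!ctx_first) model_ctx_free(ctx);    /* creator releases after the SSL objects */
    return ctx_destroyed;
}

int main(void) {
    printf("ctx freed first: %d destroy(s)\n", run_three_sharing(1));
    printf("ctx freed last:  %d destroy(s)\n", run_three_sharing(0));
    return 0;
}
```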
