When you have to call SSL_free() and SSL_CTX_free() depends on when you want 
to end the SSL/SSL_CTX object's lifecycle. Calling these functions is just 
like deleting the object in C++, which means you don't want the object any more.
The failure of calling functions (e.g. SSL_CTX_set_cipher_list(), 
SSL_CTX_use_certificate_file(), ..., SSL_CTX_set_verify()) does not mean that 
the SSL/SSL_CTX object won't work any more. For example, if 
SSL_CTX_use_certificate_file() fails, it just means that the certificate file 
may not be OK. You can also call it to load another certificate file.

2) You may not call SSL_CTX_free() when SSL objects fail, because the SSL_CTX 
object is used as a factory to create SSL objects. An SSL_CTX may create many 
SSL objects. A failing SSL object just means that this SSL handshake (or other 
operation) has errors, which does not imply that the SSL_CTX object has an 
error. Especially, the failure of these functions (SSL_connect(), SSL_accept(), 
SSL_get_verify_result()) is common in the SSL handshake, because your peer sent 
a wrong certificate to you or something that violated the SSL protocol. It is 
not your fault, so you just need to free the SSL object or do some reconnection 
operation.

At 2011-02-15 22:40:29, "Aro RANAIVONDRAMBOLA" <razuk...@gmail.com> wrote:
Hello,
I'd like to know at what time I have to call SSL_free() and SSL_CTX_free().
1) For example, I call SSL_CTX_free() when a call to a function which fills in 
the CTX fails (SSL_CTX_set_cipher_list(), SSL_CTX_use_certificate_file(), 
..., SSL_CTX_set_verify()). I am wondering if it is a good idea.
2) I call both SSL_free() and SSL_CTX_free() when a function using the SSL 
object fails. It concerns SSL_connect(), SSL_accept(), SSL_get_verify_result(), ... 
Is that OK?
Thanks
