On Sun, Jan 28, 2018 at 7:05 PM, pratyush parimal < [email protected]> wrote:
> Hi all, > > I'm trying to write an application in which I create an instance of > SSL_CTX* using SSL_CTX_new(), and set the following things in it: > > (1) An EVP_PKEY* : > 1a> created with PEM_read_bio_PrivateKey(). > 1b> set in the ctx using SSL_CTX_use_PrivateKey(). > after setting key, free key > > (2) A number of X509* instances (cuz chained certs) : > 2a> all created with PEM_read_bio_X509(). > 2b> set in the ctx using SSL_CTX_use_certificate() or > SSL_CTX_add_extra_chain_cert(). > after setting certs, free certs. > > At the end, I use SSL_CTX_free() to free up the ctx. According to the man > page for SSL_CTX_free(): > > "SSL_CTX_free() decrements the reference count of ctx, and removes the > SSL_CTX object pointed to by ctx and frees up the allocated memory if the > the reference count has reached 0. > It also calls the free()ing procedures for indirectly affected > items, if applicable: the session cache, the list of ciphers, the list of > Client CAs, the certificates and keys. " > > ... which tells me that freeing the SSL_CTX should free up its memory as > well as the things I set inside of it (unless I'm interpreting it super > wrong?) like " ... certificates and keys". > The problem is, when run my application under valgrind, I keep seeing > memory leaks for both steps (1a) and (2a). > > I tried to get rid of them, by using EVP_PKEY_free() after I'm done > setting in step (1b). This works, and the leak for step (1a) goes away. > When I try to do the same for step (2), i.e. calling X509_free() after > every successful "set" call, I get a coredump (backtrace is attached: > bt_1.txt), coming out of SSL_CTX_free, suggesting that I did something > wrong. > > > Which brings me to my question, does anyone know the correct way to free > memory in SSL_CTX ? Or, what's wrong with my steps? The application doesn't > even perform SSL yet, I'm just trying to create/destroy SSL_CTX objects > without leaks first. Any help would be appreciated! > > > Thanks in advance, > -Pratyush. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
