I'm using OpenSSL 1.1.0f in a client application. My implementation is using
up memory like crazy, so I must not be doing something right.

I read that 1.1.0 no longer needs explicit library initialization, so I've
taken out the one-time calls (like SSL_library_init() and
SSL_load_error_strings()).

I create an SSL_CTX object and an SSL object for each communication I have
to do. The connections may use different certificate/key files so I create
and destroy these objects for each connection (I'm using non-blocking
sockets on a Windows platform).

Having tried numerous variations, I'm currently using this code to create
the objects:

        const SSL_METHOD* meth = SSLv23_method();
        ssl_ctx = SSL_CTX_new(meth);
        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, nullptr);
        SSL_CTX_set_quiet_shutdown(ssl_ctx, 1); // non-standard.
        SSL_CTX_sess_set_cache_size(ssl_ctx, 1);  // no longer needed after adding next line (?)
        SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);

        // setup certificate file, private key file, password, etc.
        SetupContext(info);

        ssl = SSL_new(ssl_ctx);
        bio[BIO_SEND] = BIO_new(BIO_s_mem());
        bio[BIO_RECV] = BIO_new(BIO_s_mem());
        SSL_set_bio(ssl, bio[BIO_RECV], bio[BIO_SEND]);


and the clean up at the end of the communication is done this way:

        if ( nullptr != ssl )
        {
                SSL_shutdown(ssl);
                SSL_CTX_free(ssl_ctx);
                SSL_free(ssl);  // frees the two bio buffers associated with it.
                ssl = nullptr;
        }

What am I missing?

Thanks.



-- 
openssl-dev mailing list