examples: improve OpenSSL certificate examples

[vszakats]

• add/fix/synchronize error messages and comments.
• consistently return error from the callback on failure.
• fix potential leaks on OpenSSL API failures.
• fix to not pass the nul-terminator to BIO read.
• scope a variable.
• sync code/formatting between the two examples.

---

https://github.com/curl/curl/pull/20807/files?w=1

[vszakats]

@aisle-analyzer augment review

[aisle-research-bot]

🔒 Aisle Security Analysis

We found 1 potential security issue(s) in this PR:

#	Severity	Title
1	🔵 Low	Silent client-certificate authentication downgrade in OpenSSL SSL_CTX callback example (errors ignored)

See details in the comment below.

---

Analyzed PR: #20807 at commit 707b0ef

_{Last updated on: 2026-03-03T22:54:47Z}

[Copilot]

Pull request overview

This PR makes minor improvements to two OpenSSL in-memory certificate example files (cacertinmem.c and usercertinmem.c). The changes aim to improve error messages (naming the failing function directly), propagate errors from the SSL context callback to the caller, scope variables more narrowly, and synchronize the code style between the two examples.

Changes:

• Error messages are updated to name the specific OpenSSL/curl function that failed (e.g., BIO_new_mem_buf() failed instead of generic messages).
• A result variable is introduced in both files so the callback can return an error code instead of always returning CURLE_OK.
• mypem/mykey string literals are moved to the top of the function and marked static, and variable declarations are reordered for consistency.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
docs/examples/usercertinmem.c	Updates error messages, adds result variable, marks mypem/mykey as static, reorders declarations
docs/examples/cacertinmem.c	Updates error messages, adds result variable, restructures error handling, changes mypem from array to pointer, scopes loop variable

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[augmentcode]

🤖 Augment PR Summary

Summary: Refines the OpenSSL “certificate/key in memory” examples to behave more consistently on errors and to reduce leak/cleanup risks.

Changes:

• Refactors both sslctx_function() callbacks to use a single result return path with goto out cleanup.
• Standardizes error messages to name the failing OpenSSL API call and adds missing early-abort checks.
• Stores PEM blobs as static const char[] and passes explicit buffer lengths (sizeof(...) - 1) to BIO_new_mem_buf().
• Ensures OpenSSL allocations (BIO/X509/EVP_PKEY/STACK) are consistently freed across all paths.

Technical Notes: Callbacks now return CURLE_ABORTED_BY_CALLBACK on setup failures, matching the PR’s stated intent.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 4 suggestions posted.

Comment augment review to trigger a new review at any time.

[vszakats]

@aisle-analyzer augment review

[aisle-research-bot]

🔒 Aisle Security Analysis

✅ We scanned this PR and did not find any security vulnerabilities.

_{Aisle supplements but does not replace security review.}

---

Analyzed PR: #20807 at commit 3b75349

_{Last updated on: 2026-03-03T23:29:37Z}

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[augmentcode]

Review completed. 1 suggestions posted.

Comment augment review to trigger a new review at any time.

[vszakats]

augment review

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[augmentcode]

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.