Add SSL_CTX_set1_cert_store #71
Labels
Comments
|
upstream openssl has merged now (in openssl/openssl@b50052d) |
|
@busterb was this fixed? |
|
oh, pardon, I misread the link |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SSL_CTX_set_cert_store does not increment the reference count of the store object. This a trap for the unwary as OpenSSL has been inconsistent in this regard. Some "set_foo" routines will increment the reference, others won't, and my habit has always been to examine the implementations. Newer APIs use the set0_foo and set1_foo, which is a much nicer contract that allows me to relax a little more.
I've been using a fake SSL_CTX_set1_cert_store macro in my projects for a couple of years now which only incremented the reference if SSL_CTX_set_cert_store failed to. (I was afraid somebody might "fix" the routine by incrementing the reference count, causing a leak in my wrapper.) But now that OpenSSL objects are going opaque I can't test the reference count anymore.
OpenSSL is also adding SSL_CTX_set1_cert_store:
openssl/openssl#1755
openssl/openssl#1734
The text was updated successfully, but these errors were encountered: